AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `akdd init` downloads the repository's moving `main` archive, copies agent/configuration files into the current project, installs a dependency, and configures package-owned tooling. This creates a real remote-bootstrap and AI-agent extension lifecycle risk, but not install-time malware behavior.
Decision evidence
public snapshot- `src/init.js` fetches an unpinned GitHub `main` tarball and copies it into the invoked project.
- `src/init.js` runs `npm install better-sqlite3 --save` in the invoked project.
- `src/init.js` automatically invokes MCP setup after explicit `akdd init`.
- `src/mcp-setup.js` writes project MCP config and can register `claude mcp add`; `--global` writes Cursor global config.
- `.agentic/grafo/install-hooks.cjs` installs a package-owned post-commit hook during init.
- `.agentic/grafo/collab-manager.cjs` has explicit collaboration calls to `agentic-collab.adrianlpz-game.workers.dev`.
- `package.json` has no preinstall/install/postinstall hook; `prepare` only chmods `bin/akdd.js`.
- Network/bootstrap and filesystem mutations require explicit CLI commands, principally `akdd init` or `akdd mcp`.
- No source evidence of credential-file harvesting, environment secret collection, or covert data exfiltration was found.
- Git hook installer avoids replacing hooks lacking its own marker.
- Dashboard binds locally to `127.0.0.1`; CDN URLs are browser visualization assets.
- `rif.pdf` is a valid one-page PDF, not an executable payload.
Source & flagged code
6 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/akdd.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
src/init.jsView on unpkg · L216This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dashboard.cjsView on unpkg