AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit setup/update commands download mutable code from the repository main branch and write Agentic KDD files into the current project. Explicit MCP setup registers a package-owned server with supported AI tools. No install-time attack behavior is confirmed.
Decision evidence
public snapshot- `src/init.js` downloads a GitHub main-branch tarball and copies `.agentic`, `.cursor`, `CLAUDE.md`, and dashboard files into the current project.
- `src/update.js` repeats remote tarball download and overwrites project agent/configuration files.
- `src/mcp-setup.js` writes Cursor MCP config and, when explicitly invoked, runs `claude mcp add/remove`.
- `bin/akdd.js` shells out to project-local `.agentic/grafo` modules selected from the working directory.
- `package.json` has no `preinstall`, `install`, or `postinstall`; `prepare` only chmods `bin/akdd.js`.
- Remote download, project writes, MCP setup, and shell execution require explicit `akdd init`, `akdd update`, or `akdd mcp` commands.
- No credential harvesting, environment-secret collection, or outbound exfiltration was found in inspected executable sources.
- `dashboard.cjs` binds its HTTP server to `127.0.0.1`; its browser-open command targets that local URL.
Source & flagged code
6 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/akdd.jsView on unpkg · L3This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dashboard.cjsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dashboard.cjsView on unpkg · L5Package source invokes a package manager install command at runtime.
src/update.jsView on unpkg · L114