AI Security Review
scanned 17h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an AI-agent/KDD platform CLI that can install project agent instructions, hooks, dashboard files, and MCP configuration when invoked. This is a real agent extension lifecycle risk, but the inspected package does not perform unconsented npm lifecycle hijacking.
Decision evidence
public snapshot
- src/init.js downloads GitHub main tarball during user-invoked akdd init
- src/init.js copies CLAUDE.md, .cursorrules, .cursor, .audit, dashboard.cjs, docs, and .agentic into the current project
- src/init.js and src/update.js install project git hooks and run local .agentic/grafo helpers after explicit CLI commands
- src/mcp-setup.js writes .cursor/mcp.json and can register Claude MCP when akdd mcp/init is run
- bin/akdd.js delegates many commands through child_process execSync to .agentic/grafo modules
- package.json prepare only chmods bin/akdd.js; no install/postinstall hook runs init, update, or MCP setup
- Agent/IDE control-surface writes are explicit CLI actions, not import-time or npm lifecycle execution
- Network use is package-aligned GitHub/download/setup and optional collab endpoints in embedded/generated tooling, not observed credential exfiltration
- No shell startup, OS autostart, broad home persistence, destructive wipe, or secret harvesting found in inspected active files
- rif.pdf and repomix-output.xml appear as shipped docs/blobs, not executed by package entrypoints
Source & flagged code
6 flagged
- bin/akdd.js · L3: Package source references dynamic require/import behavior.
- src/init.js · L216: Package source invokes a package manager install command at runtime.
- dashboard.cjs: This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.