AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Confirmed install-time mutation of a foreign AI-agent MCP control surface. The postinstall script silently adds or repairs an enabled Bitwarden MCP server in Antigravity config if the directory exists.
Decision evidence
public snapshot- package.json runs node scripts/postinstall.js on npm postinstall
- scripts/postinstall.js writes Antigravity MCP config during install when ~/.gemini/antigravity exists
- postinstall adds/enables bitwarden MCP with command npx and args [-y,@bitwarden/mcp-server]
- opt-out requires AI_AGENT_NO_AUTOCONFIG; no explicit install-time consent prompt
- scripts/platforms.js identifies Antigravity config path as ~/.gemini/antigravity/mcp_config.json
- Main package purpose is AI-agent skill/config management across platforms
- Postinstall targets a specific detected platform and preserves existing config keys
- No source evidence of credential exfiltration or destructive filesystem behavior in postinstall
- CLI installs skills/MCP/rules mostly through explicit user commands
- Bitwarden tools list disables many high-risk org/send operations
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource writes installer persistence such as shell profile or service configuration.
scripts/secret-manager.jsView on unpkg · L7Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L29