AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package provides an AI workflow/dashboard tool that can install project AI-agent workflow files and optional autostart. This is a real agent-extension lifecycle surface, but source inspection does not show malicious install-time takeover, exfiltration, or remote payload execution.
Decision evidence
public snapshot- package.json has global-install postinstall importing dist/cli/postinstall.js.
- dist/cli/postinstall.js can kill/restart an existing package-owned background server from ~/.ai-knowledge-center/server.pid.json.
- dist/cli/project-upgrader.js writes AI workflow/control files on explicit `aikc upgrade --write`: AGENTS.md, ai-workflow.yaml, ai-knowledge/**, .aikc/upgrade/AI_UPGRADE_PROMPT.md.
- Generated ensure-aikc-cli.cjs runs npm view/install against https://registry.npmjs.org and can stop/restart aikc.
- dist/cli/autostart.js can install login persistence via LaunchAgents or schtasks, but only through `aikc autostart install`.
- No credential harvesting or external exfiltration found in inspected source.
- No install-time foreign/broad AI-agent config mutation; postinstall only runs on global install and only restarts existing AIKC server.
- Upgrade writes are explicit user-command setup and preserve differing files unless --force is passed.
- HTTP server binds to 127.0.0.1 by default and serves local dashboard/API.
- MCP command execution is allowlisted by project ai-workflow.yaml and dangerous commands require confirmation.
Source & flagged code
6 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/cli/autostart.jsView on unpkg · L3This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/project-upgrader.jsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/project-upgrader.jsView on unpkg · L6Package ships high-entropy non-source blobs.
dist/client/assets/GeistMono-Variable-Dispecij.woff2View on unpkg