AI Security Review
scanned 2h ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. The package performs install-time mutation of multiple AI-agent control surfaces. The postinstall script adds MCP servers, hooks, and global instructions for Claude, Cursor, Windsurf, Cline, and Codex without requiring an explicit setup command.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs writes ~/.claude/settings.json mcpServers and SessionStart hook during install
- scripts/postinstall.mjs injects startup rules into ~/.claude/CLAUDE.md, ~/.cursorrules, ~/.windsurfrules, ~/.clinerules, ~/.codex/CODEX.md
- scripts/postinstall.mjs writes MCP configs for Cursor, Cline, Windsurf, and Codex CLI or runs codex mcp add
- dist/setup.js also configures Claude/Codex hooks and MCP, but as an explicit aifp-setup command
- No hardcoded exfiltration endpoint in postinstall path
- Remote client requires user-set COGNITION_SERVER_URL and COGNITION_API_KEY
- Core package behavior is an MCP memory server using local ~/.ai-cognition data
- No obfuscated payload or credential harvesting found in inspected files
Source & flagged code
7 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source invokes a package manager install command at runtime. (dist/setup.js · L123)
- Package source references dynamic require/import behavior. (scripts/backfill-links.mjs · L17)
- Package source references weak cryptographic algorithms. (dist/import.js · L137)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (dist/db.js)