AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package runs a postinstall script that modifies broad, foreign AI-agent control surfaces without user confirmation. It injects persistent instructions and registers a local MCP server across multiple user-level AI tools.
Decision evidence
public snapshot- `package.json` runs `node scripts/postinstall.mjs` automatically after installation.
- `scripts/postinstall.mjs` unconditionally edits global Claude, Cursor, Windsurf, Cline, and Codex AI-tool configuration.
- It appends AI startup instructions to `~/.claude/CLAUDE.md`, `~/.cursorrules`, `~/.windsurfrules`, `~/.clinerules`, and `~/.codex/CODEX.md`.
- It registers an `ai-cognition` MCP server in user-level config and invokes `codex mcp add` during install.
- The claimed global-install guard is only a comment; the main flow always calls all mutation functions.
- No install-time network request or credential-exfiltration code was found.
- The missing `dist/hooks/check-status.mjs` prevents the attempted Claude hook copy and registration.
- Runtime model downloads target Hugging Face endpoints for the package's embedding feature, not the installer.
- `dist/index.js` starts a local stdio MCP server; no remote control path is automatic by default.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
scripts/postinstall.mjsView on unpkg · L13Package source invokes a package manager install command at runtime.
scripts/postinstall.mjsView on unpkg · L6Package source references dynamic require/import behavior.
scripts/backfill-links.mjsView on unpkg · L17This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/db.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/db.jsView on unpkg