AI Security Review
scanned 3d ago · by lpm-firewall-ai
Install-time lifecycle mutates Claude/Cowork AI-agent control surfaces without an explicit user command. It drops skills and registers an MCP server that AI clients may later invoke.
Decision evidence
public snapshot
- package.json defines postinstall: node scripts/postinstall.js.
- scripts/postinstall.js copies package skills into ~/.claude/skills/{sidecar,second-opinion}.
- scripts/postinstall.js registers MCP servers named amicus and sidecar via claude CLI or config file edits.
- The registered MCP config launches npx -y amicus@latest mcp from AI-agent clients; the @latest tag is resolved at invocation time, so clients fetch and execute whatever version is current then, not necessarily the version reviewed here.
- scripts/setup-hooks.js can alter git core.hooksPath when postinstall runs in a git checkout.
- No credential exfiltration found in inspected files.
- Network/API usage appears aligned with multi-model LLM client functionality.
- Postinstall is non-fatal and supports AMICUS_SKIP_POSTINSTALL=1.
- CLI credential loading reads provider keys from the local environment and auth.json for the package's own provider calls; no outbound theft of those credentials was found.
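The evidence above is a static audit of the manifest and its install-time scripts. The following is an added example, not the scanner's or the reviewed package's code, that reproduces those checks over a constructed manifest and constructed script bodies (the package name example-agent-cli, the opt-out variable EXAMPLE_SKIP_POSTINSTALL and every file body below are invented for illustration and are not the real amicus files). It flags install lifecycle hooks, writes into the Claude skills directory, MCP registration through the claude CLI or direct mcpServers edits, an unpinned npx -y ...@latest launcher, and git core.hooksPath changes, and reports the first matching line of each file in the same file-and-line form used by the flagged-code list.

```javascript
'use strict';

// npm runs these lifecycle hooks during `npm install` with no further user
// action; `prepare` also runs when installing from a git URL.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Each pattern marks a write to an AI-agent control surface, an unpinned
// remote-execution launcher, or a git hook redirection.
const PATTERNS = [
  { id: 'claude-skills-drop',  re: /\.claude\b[^\n]{0,20}\bskills\b/,
    why: 'writes into the Claude skills directory' },
  { id: 'mcp-register-cli',    re: /\bclaude\s+mcp\s+add\b/,
    why: 'registers an MCP server through the claude CLI' },
  { id: 'mcp-register-config', re: /\bmcpServers\b/,
    why: 'edits an MCP client configuration file directly' },
  { id: 'npx-unpinned-latest', re: /\bnpx\s+-y\s+\S+@latest\b/,
    why: 'launches an unpinned @latest package via npx when the agent starts' },
  { id: 'git-hooks-path',      re: /\bcore\.hooksPath\b/,
    why: 'redirects git hooks to package-controlled scripts' },
];

// Opt-out switch of the form process.env.<NAME>SKIP_POSTINSTALL. Its presence
// is reported so a reviewer can set it; it does not clear any finding.
const OPT_OUT = /process\.env\.(\w*SKIP_POSTINSTALL\w*)/;

function lifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// 1-based line of the first match, so a finding can be cited as "file, line N";
// null when the pattern does not occur in the body.
function firstMatchLine(body, re) {
  const lines = body.split('\n');
  for (let i = 0; i < lines.length; i++) if (re.test(lines[i])) return i + 1;
  return null;
}

// pkg: parsed package.json; files: { relativePath: fileContents }.
function auditPackage(pkg, files) {
  const findings = [];
  for (const { hook, command } of lifecycleScripts(pkg)) {
    findings.push({ file: 'package.json', line: null, id: 'install-lifecycle',
                    why: `${hook} runs "${command}" during install` });
  }
  let optOut = null;
  for (const [file, body] of Object.entries(files)) {
    for (const p of PATTERNS) {
      const line = firstMatchLine(body, p.re);
      if (line !== null) findings.push({ file, line, id: p.id, why: p.why });
    }
    const m = OPT_OUT.exec(body);
    if (m && optOut === null) optOut = m[1];
  }
  const touchesAgentSurfaces = findings.some((f) => f.id !== 'install-lifecycle');
  return { findings, optOut, touchesAgentSurfaces };
}

// Constructed sample input (hypothetical package, not the real amicus files).
const SAMPLE_PKG = {
  name: 'example-agent-cli', version: '1.0.0',
  scripts: { postinstall: 'node scripts/postinstall.js', test: 'node --test' },
};
const SAMPLE_FILES = {
  'scripts/postinstall.js': [
    "if (process.env.EXAMPLE_SKIP_POSTINSTALL === '1') process.exit(0);",
    "const os = require('os'), fs = require('fs'), path = require('path');",
    "const dest = path.join(os.homedir(), '.claude', 'skills');",
    "fs.cpSync('skills', dest, { recursive: true });",
    "const { execSync } = require('child_process');",
    "try { execSync('claude mcp add example -- npx -y example-agent-cli@latest mcp'); }",
    "catch { cfg.mcpServers = { example: { command: 'npx', args: ['-y', 'example-agent-cli@latest', 'mcp'] } }; }",
  ].join('\n'),
  'scripts/setup-hooks.js': "execSync('git config core.hooksPath .githooks');",
};

const report = auditPackage(SAMPLE_PKG, SAMPLE_FILES);
for (const f of report.findings) {
  console.log(`${f.file}${f.line ? `, line ${f.line}` : ''}: ${f.id} (${f.why})`);
}
console.log('opt-out env var:', report.optOut, '| agent surfaces touched:', report.touchesAgentSurfaces);
```

A hit on any pattern other than install-lifecycle is the signal to install with npm's --ignore-scripts flag (and, for this package, AMICUS_SKIP_POSTINSTALL=1) and read the scripts before letting them run; the audit is pattern-based, so an obfuscated or dynamically built path would evade it, which is why the dynamic require/import finding still needs a manual look.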
Source & flagged code
4 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references dynamic require/import behavior. (bin/amicus.js, line 13)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.js, line 5)