AI Security Review
scanned 2d ago · by lpm-firewall-ai
Install-time lifecycle mutates Claude AI-agent control surfaces by installing skills and registering MCP servers. This occurs during npm install, before an explicit in-app consent flow.
Decision evidence
Public snapshot
- package.json runs postinstall: node scripts/postinstall.js.
- scripts/postinstall.js copies package skills into ~/.claude/skills/sidecar and ~/.claude/skills/second-opinion.
- scripts/postinstall.js registers MCP servers in Claude Code via claude mcp add-json and falls back to editing ~/.claude.json.
- scripts/postinstall.js edits Claude Desktop config and registers amicus/sidecar MCP entries using npx -y amicus@latest mcp.
- skills/sidecar/SKILL.md contains agent instructions that trigger model-spawning behavior and tool-use rules.
- AI-agent integration is described in package.json and .claude-plugin/plugin.json, so behavior is package-aligned.
- No confirmed credential exfiltration found; env/auth.json reads are used to configure LLM provider access.
- Default postinstall Electron repair is cache-only; networked Electron prewarm requires AMICUS_PREFETCH_ELECTRON=1.
- MCP runtime writes session metadata and prompts under project .claude/amicus_sessions for user-invoked runs.
Source & flagged code
5 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- bin/amicus.js (line 13): Package source references dynamic require/import behavior.
- scripts/postinstall.js (line 5): Install-time source drops package-supplied AI-agent/MCP control files or instructions.
- src/mcp-server.js: This package version adds a dangerous source file absent from the previous stored version.