AI Security Review
scanned 2d ago · by lpm-firewall-ai
Install-time lifecycle code mutates Claude/AI-agent control surfaces by installing skills and registering MCP servers. This happens during npm install, before the user has run any explicit CLI setup.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.js.
- scripts/postinstall.js copies bundled skills into ~/.claude/skills/sidecar and ~/.claude/skills/second-opinion during install.
- scripts/postinstall.js registers MCP servers named amicus and sidecar via claude mcp add-json or direct config writes.
- scripts/postinstall.js writes ~/.claude.json and Claude Desktop claude_desktop_config.json fallback entries.
- MCP config uses command npx with args -y amicus@latest mcp, so every future agent tool launch runs package-controlled code. Because the spec is @latest, each launch resolves to whatever version is on the registry at that moment, not the version inspected here.
- skills/*.md contain operational instructions for Claude/agent behavior, installed automatically at lifecycle time.
- Package is openly an AI sidecar/MCP CLI, so MCP and skill files are product-aligned.
- No credential exfiltration or unrelated external C2 endpoint found in inspected source.
- Credential loading in bin/amicus.js/env-loader.js only populates process.env for provider API use.
- Most runtime network endpoints are provider/model APIs aligned with the CLI purpose.
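The evidence above amounts to a checkable pattern: a lifecycle hook in package.json, and in the script that hook runs, writes to Claude's skills directory and MCP registries plus an npx launch spec that floats at @latest. The following is an added example of that triage, written for this page; it is not the scanner's implementation and not the amicus package's code. The indicator regexes, the verdict strings, and the sample package contents are constructed here to mirror the findings.

```javascript
// Added example: static triage of an npm package for install-time writes to
// AI-agent control surfaces. Illustrative code written for this page, not the
// scanner's implementation and not the amicus package's code.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Indicators drawn from the evidence above (paths, the claude CLI, npx @latest).
// The regexes are this example's own; they tolerate both string literals such
// as '.claude/skills' and path.join('.claude', 'skills').
const INDICATORS = [
  { id: "claude-skills-dir", re: /\.claude\W{0,4}skills/, why: "writes under ~/.claude/skills" },
  { id: "claude-user-config", re: /\.claude\.json/, why: "writes ~/.claude.json (MCP registry)" },
  { id: "claude-desktop-config", re: /claude_desktop_config\.json/, why: "writes Claude Desktop MCP config" },
  { id: "claude-mcp-cli", re: /\bclaude\s+mcp\s+add(?:-json)?\b/, why: "registers an MCP server via the claude CLI" },
  { id: "unpinned-npx", re: /\bnpx\b[^\n]*-y[^\n]*@latest\b/, why: "launch command re-resolves @latest on every agent start" },
];

// Which script files does each lifecycle hook run? (e.g. "node scripts/postinstall.js")
function lifecycleTargets(pkgJson) {
  const scripts = pkgJson.scripts || {};
  return LIFECYCLE_HOOKS.filter((h) => scripts[h]).map((hook) => ({
    hook,
    cmd: scripts[hook],
    files: scripts[hook].match(/[\w@./-]+\.[cm]?js\b/g) || [],
  }));
}

// Scan only the sources a lifecycle hook actually executes.
// `sources` maps a path inside the tarball to its text.
function triagePackage(pkgJson, sources) {
  const findings = [];
  for (const t of lifecycleTargets(pkgJson)) {
    findings.push({ id: "lifecycle-hook", where: `package.json:scripts.${t.hook}`, detail: t.cmd });
    for (const file of t.files) {
      const src = sources[file];
      if (src === undefined) {
        findings.push({ id: "unresolved-script", where: file, detail: "hook target not found in tarball" });
        continue;
      }
      for (const ind of INDICATORS) {
        const m = ind.re.exec(src);
        if (!m) continue;
        const line = src.slice(0, m.index).split("\n").length; // 1-based line of first hit
        findings.push({ id: ind.id, where: `${file}:${line}`, detail: ind.why });
      }
    }
  }
  return findings;
}

// Verdict strings are this example's own, not the scanner's vocabulary.
function verdict(findings) {
  const hook = findings.some((f) => f.id === "lifecycle-hook");
  const touchesAgent = findings.some((f) => f.id !== "lifecycle-hook" && f.id !== "unresolved-script");
  if (!hook) return "clean";
  return touchesAgent
    ? "review: install-time mutation of AI-agent control surface"
    : "review: lifecycle hook present, inspect manually";
}

// Constructed sample input mirroring the reviewed behaviour (not the real package's files).
const samplePkg = { name: "example-sidecar", version: "1.0.0", scripts: { postinstall: "node scripts/postinstall.js" } };
const sampleSources = {
  "scripts/postinstall.js": [
    "const fs = require('fs'), os = require('os'), path = require('path');",
    "const skills = path.join(os.homedir(), '.claude', 'skills', 'sidecar');",
    "fs.cpSync(path.join(__dirname, '..', 'skills'), skills, { recursive: true });",
    "const entry = { command: 'npx', args: ['-y', 'example-sidecar@latest', 'mcp'] };",
    "require('child_process').execSync('claude mcp add-json sidecar ' + JSON.stringify(entry));",
    "fs.writeFileSync(path.join(os.homedir(), '.claude.json'), JSON.stringify({ mcpServers: { sidecar: entry } }));",
    "fs.writeFileSync(path.join(os.homedir(), 'Library/Application Support/Claude/claude_desktop_config.json'), '{}');",
  ].join("\n"),
};

const findings = triagePackage(samplePkg, sampleSources);
for (const f of findings) console.log(`${f.id.padEnd(22)} ${f.where}  ${f.detail}`);
console.log(verdict(findings));
```

Run it on a real tarball by feeding the extracted package.json and the texts of the files under scripts/; a hit on a lifecycle hook target is what the scanner's "needs review" finding corresponds to, and the absence of hits on a hook's file does not clear the hook, which still needs a manual read.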
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references dynamic require/import behavior. (bin/amicus.js, line 13)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.js, line 5)
- This package version adds a dangerous source file absent from the previous stored version. (src/mcp-server.js)
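After such an install the durable residue sits in the user's own config: MCP entries whose launch command is npx -y <pkg>@latest. The following added example, written for this page and not the scanner's or the package's code, audits a Claude config for servers that float in that way and rewrites them to an exact version. It assumes the config holds a top-level mcpServers map plus per-project mcpServers maps under projects; the sample config and the 1.2.3 pin are constructed placeholders.

```javascript
// Added example: audit an existing Claude configuration for MCP servers that
// re-resolve their package on every launch, and pin them. Written for this
// page; neither the scanner's code nor part of the reviewed package. The
// config shape (top-level `mcpServers`, plus per-project `mcpServers` under
// `projects`) is this example's assumption about ~/.claude.json and
// claude_desktop_config.json.

const EXACT_VERSION = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

// The first positional argument of an npx invocation is the package spec,
// e.g. ["-y", "amicus@latest", "mcp"] -> "amicus@latest"; -p/--package names it explicitly.
function npxPackageSpec(args) {
  for (let i = 0; i < args.length; i++) {
    if (args[i] === "-p" || args[i] === "--package") return args[i + 1] ?? null;
    if (!args[i].startsWith("-")) return args[i];
  }
  return null;
}

// Split "name@range"; a scoped name with no tag ("@scope/name") has no range.
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, range: null };
  return { name: spec.slice(0, at), range: spec.slice(at + 1) };
}

// Walk every server in the config, whatever scope it was registered in.
function* allServers(config) {
  for (const [name, server] of Object.entries(config.mcpServers || {})) yield { scope: "user", name, server };
  for (const [project, p] of Object.entries(config.projects || {}))
    for (const [name, server] of Object.entries(p.mcpServers || {})) yield { scope: project, name, server };
}

// "floating": npx consults the registry (or a stale cache) for a version nobody
// reviewed; "pinned": exact version; "not-npx": anything else (local path etc.).
function classify(server) {
  if (server.command !== "npx") return { status: "not-npx", spec: null };
  const spec = npxPackageSpec(server.args || []);
  if (!spec) return { status: "not-npx", spec: null };
  const { range } = splitSpec(spec);
  const pinned = range !== null && EXACT_VERSION.test(range);
  return { status: pinned ? "pinned" : "floating", spec };
}

function auditMcpConfig(config) {
  return [...allServers(config)].map(({ scope, name, server }) => ({
    scope, name, command: server.command, ...classify(server),
  }));
}

// Copy the config and pin every floating npx server to the version given in
// `pins` (package name -> exact version). Servers with no pin are reported, not guessed.
function pinServers(config, pins) {
  const copy = JSON.parse(JSON.stringify(config));
  const unpinned = [];
  for (const { scope, name, server } of allServers(copy)) {
    const { status, spec } = classify(server);
    if (status !== "floating") continue;
    const pkg = splitSpec(spec).name;
    if (!pins[pkg]) { unpinned.push(`${scope}/${name}`); continue; }
    server.args = server.args.map((a) => (a === spec ? `${pkg}@${pins[pkg]}` : a));
  }
  return { config: copy, unpinned };
}

// Constructed sample config (not a real user's file); "1.2.3" below is a placeholder pin.
const sampleConfig = {
  mcpServers: {
    amicus: { command: "npx", args: ["-y", "amicus@latest", "mcp"] },
    sidecar: { command: "npx", args: ["-y", "amicus@latest", "mcp"] },
    local: { command: "node", args: ["/opt/tools/server.js"] },
  },
  projects: {
    "/home/dev/app": {
      mcpServers: {
        reviewed: { command: "npx", args: ["-y", "@example/mcp-tool@2.0.1"] },
        untagged: { command: "npx", args: ["some-mcp-server"] },
      },
    },
  },
};

for (const r of auditMcpConfig(sampleConfig)) console.log(`${r.status.padEnd(8)} ${r.scope}/${r.name}  ${r.spec ?? r.command}`);
const { config: pinnedConfig, unpinned } = pinServers(sampleConfig, { amicus: "1.2.3" });
console.log(JSON.stringify(pinnedConfig.mcpServers.amicus.args)); // ["-y","amicus@1.2.3","mcp"]
console.log("still floating:", unpinned); // ["/home/dev/app/untagged"]
```

Pinning only stops the version from drifting: the version you pin should be one you have actually reviewed, and it does nothing about skill files already copied into ~/.claude/skills, which need a separate look.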