AI Security Review
scanned 1d ago · by lpm-firewall-ai
Install-time code mutates Claude skill and MCP configuration under the user's home directory. This creates an AI-agent control surface immediately after npm install.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.js
- scripts/postinstall.js copies package skills into ~/.claude/skills/sidecar and ~/.claude/skills/second-opinion
- scripts/postinstall.js registers an MCP server via claude mcp add-json or by editing ~/.claude.json
- scripts/postinstall.js edits Claude Desktop claude_desktop_config.json with npx -y amicus@latest mcp
- src/mcp-server.js exposes MCP tools that spawn Amicus CLI sessions and write project .claude/amicus session files
- No obfuscated payloads or encoded strings found in inspected files
- No credential harvesting or exfiltration found in postinstall path
- Network endpoints are provider/model API or project metadata URLs aligned with package function
- Postinstall has AMICUS_SKIP_POSTINSTALL opt-out and uses best-effort error handling
Source & flagged code
5 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- bin/amicus.js (L13): Package source references dynamic require/import behavior.
- scripts/postinstall.js (L5): Install-time source drops package-supplied AI-agent/MCP control files or instructions.
- src/mcp-server.js: This package version adds a dangerous source file absent from the previous stored version.