AI Security Review
scanned 9h ago · by lpm-firewall-ai

Install triggers unconsented mutation of broad Claude/Cowork AI-agent control surfaces. It plants package skills and registers a standing MCP server that later runs `npx -y amicus@latest mcp`.
Decision evidence
public snapshot
- package.json runs `node scripts/postinstall.js` on postinstall.
- scripts/postinstall.js copies package skills into `~/.claude/skills/sidecar` and `~/.claude/skills/second-opinion`.
- scripts/postinstall.js registers an MCP server in Claude Code via `claude mcp add-json` or edits `~/.claude.json`.
- scripts/postinstall.js edits Claude Desktop config at `claude_desktop_config.json` with `command: npx`, `args: ['-y','amicus@latest','mcp']`.
- scripts/postinstall.js also runs `scripts/setup-hooks.js` and may provision Electron cache, but those are secondary.
- The lifecycle mutations are product-aligned for an AI sidecar/MCP package.
- Postinstall has `AMICUS_SKIP_POSTINSTALL=1` escape hatch and wraps failures to exit 0.
- MCP server code shows project-root containment checks for explicit project paths.
- No credential exfiltration endpoint or destructive payload was confirmed in inspected files.
Source & flagged code
9 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references dynamic require/import behavior. (bin/amicus.js, line 13)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.js, line 5)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/sidecar/electron-install.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/mcp-server.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/sidecar/interactive.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/sidecar/unzip.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/headless.js)