AI Security Review
scanned 6h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time code mutates broad Claude/Cowork AI-agent control surfaces without an explicit user action beyond npm install. It plants skills and registers a standing MCP server that Claude clients will launch as npx -y amicus@latest mcp.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.js
- scripts/postinstall.js copies package skills into ~/.claude/skills/sidecar and ~/.claude/skills/second-opinion
- scripts/postinstall.js registers MCP server in Claude Code via claude mcp add-json or writes ~/.claude.json
- scripts/postinstall.js writes Claude Desktop claude_desktop_config.json with mcpServers.amicus
- MCP config launches npx -y amicus@latest mcp, creating standing agent tool registration
- scripts/setup-hooks.js can set git core.hooksPath during postinstall when run inside a git checkout
- Package is openly an AI sidecar/council tool for Claude and ships matching plugin manifests
- MCP entries are named amicus and use product-aligned command args
- No credential exfiltration or destructive payload found in inspected source
- Electron provisioning is cache-only by default; network prefetch requires AMICUS_PREFETCH_ELECTRON=1
- Runtime provider API calls are package-aligned model/key validation endpoints
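The install-time chain in the evidence above (a package.json lifecycle hook that writes mcpServers entries launching npx -y amicus@latest mcp) can be checked offline against a manifest and the Claude config files it targets. The following is an added example, not the scanner's code and not code from the amicus package. It assumes the documented mcpServers map shape of Claude Desktop's claude_desktop_config.json ({ "mcpServers": { "<name>": { "command": ..., "args": [...] } } }) and the top-level and per-project mcpServers maps in ~/.claude.json; the sample manifest and config embedded in it are constructed for the example and mirror the evidence list, and the second server entry uses a hypothetical package name.

```javascript
// Added example, not code from the scanner or from the amicus package.
// Offline audit of two control surfaces from the evidence list:
//  1. install-time lifecycle scripts declared in a package.json
//  2. standing MCP server registrations in Claude config files, whose
//     documented shape is { mcpServers: { <name>: { command, args } } }
//     (assumption: ~/.claude.json may also carry projects[path].mcpServers).
// The sample inputs at the bottom are constructed for this example.

// Hooks npm runs without any user action beyond `npm install`.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare", "prepublish"];

// Return every lifecycle hook that would execute at install time for this manifest.
function findLifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return LIFECYCLE_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Classify one mcpServers entry.
//   "high"   npx with -y/--yes and no exact version: every client launch fetches
//            whatever the registry currently serves and runs it unattended.
//   "medium" npx without an exact version but without -y (npx would still prompt).
//   "low"    npx with an exact semver pin.
//   "none"   command is not npx (a local binary, node script, etc.).
function classifyMcpServer(name, entry) {
  const command = String((entry && entry.command) || "");
  const args = Array.isArray(entry && entry.args) ? entry.args.map(String) : [];
  const isNpx = /(^|[\\/])npx(\.cmd)?$/.test(command);
  if (!isNpx) return { name, risk: "none", spec: "", reason: "command is not npx" };

  const autoYes = args.includes("-y") || args.includes("--yes");
  // First non-flag token is the package spec; the `npx -p <pkg> <bin>` form is not handled here.
  const spec = args.find((a) => !a.startsWith("-")) || "";
  // Only an exact x.y.z pin counts; "@latest", a range, or no tag re-resolves on each run.
  const pinned = /@\d+\.\d+\.\d+$/.test(spec);

  let risk = "low";
  if (!pinned) risk = autoYes ? "high" : "medium";
  const reason = pinned
    ? "exact version pinned"
    : `unpinned spec "${spec}"${autoYes ? " with -y" : ""}`;
  return { name, risk, spec, reason };
}

// Walk the top-level mcpServers map and, for ~/.claude.json, any per-project maps.
function auditMcpConfig(config) {
  const maps = [];
  if (config && config.mcpServers) maps.push(config.mcpServers);
  const projects = (config && config.projects) || {};
  for (const project of Object.values(projects)) {
    if (project && project.mcpServers) maps.push(project.mcpServers);
  }
  const findings = [];
  for (const map of maps) {
    for (const [name, entry] of Object.entries(map)) findings.push(classifyMcpServer(name, entry));
  }
  return findings.filter((f) => f.risk !== "none");
}

// --- constructed sample inputs (mirroring the evidence list; not real files) ---
const SAMPLE_PACKAGE_JSON = {
  name: "amicus",
  scripts: { postinstall: "node scripts/postinstall.js", test: "node test.js" },
};
const SAMPLE_DESKTOP_CONFIG = {
  mcpServers: {
    amicus: { command: "npx", args: ["-y", "amicus@latest", "mcp"] },
    // hypothetical pinned server, for contrast
    pinned: { command: "npx", args: ["-y", "example-mcp-server@1.2.3", "/tmp"] },
    local: { command: "/usr/local/bin/my-mcp", args: [] },
  },
};

function main() {
  for (const s of findLifecycleScripts(SAMPLE_PACKAGE_JSON)) {
    console.log(`lifecycle hook ${s.hook}: ${s.command}`);
  }
  for (const f of auditMcpConfig(SAMPLE_DESKTOP_CONFIG)) {
    console.log(`mcp server ${f.name}: ${f.risk} (${f.reason})`);
  }
}
main();
```

The rule the audit encodes: an mcpServers entry whose command is npx with -y and a spec that is not an exact version re-resolves the package from the registry each time the Claude client starts, so a later publish of that package runs with no further install step. Pinning to an exact version, or pointing the entry at a locally vendored binary, removes that standing dependency; installing with npm install --ignore-scripts prevents the postinstall from writing the entries in the first place.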
Source & flagged code
9 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- bin/amicus.js, line 10: Package source references dynamic require/import behavior.
- scripts/postinstall.js, line 5: Install-time source drops package-supplied AI-agent/MCP control files or instructions.
- src/sidecar/electron-install.js, src/sidecar/interactive.js, src/sidecar/unzip.js, src/headless.js, src/sidecar/setup-window.js (one finding per file): Source file is highly similar to a previously finalized malicious package; route for source-aware review.