AI Security Review
scanned 3h ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. Install-time code mutates broad Claude agent control surfaces without an explicit user invocation. It plants Claude skills and registers a standing MCP server that later launches amicus via npx latest.
Decision evidence
public snapshot
- package.json defines postinstall: node scripts/postinstall.js.
- scripts/postinstall.js copies package skills into ~/.claude/skills/sidecar and ~/.claude/skills/second-opinion during npm install.
- scripts/postinstall.js registers an amicus MCP server in Claude Code via claude mcp add-json or ~/.claude.json fallback.
- scripts/postinstall.js writes Claude Desktop/Cowork claude_desktop_config.json with command npx -y amicus@latest mcp.
- skills/sidecar/SKILL.md instructs Claude to run amicus/npx commands and use background launches; this is planted into Claude's global skill surface by lifecycle code.
- Package purpose is openly agent/LLM sidecar and council tooling, and the planted skill/MCP content is product-aligned.
- Postinstall has AMICUS_SKIP_POSTINSTALL=1 opt-out and tries to preserve existing amicus-shaped MCP env values.
- Default Electron postinstall provisioning is cache-only; network prewarm requires AMICUS_PREFETCH_ELECTRON=1.
- No credential exfiltration or destructive file deletion found in inspected source.
Source & flagged code
7 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references dynamic require/import behavior. (bin/amicus.js · L10)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.js · L5)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/sidecar/electron-install.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/sidecar/unzip.js)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (src/mcp-server.js)