AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. npm postinstall mutates Claude Code and Claude Desktop/Cowork control surfaces. It installs auto-triggered skills and registers a user-scope MCP server that later executes `amicus@latest`.
Decision evidence
public snapshot- `package.json` runs `node scripts/postinstall.js` automatically.
- `scripts/postinstall.js` copies package skills into `~/.claude/skills/` without user action.
- Postinstall registers an `amicus` MCP server in `~/.claude.json` and Claude Desktop config.
- The injected MCP command is `npx -y amicus@latest mcp`, a mutable latest-version launcher.
- Postinstall overwrites any non-Amicus MCP entry named `amicus`.
- No default postinstall network request is confirmed; Electron network prewarm requires `AMICUS_PREFETCH_ELECTRON=1`.
- Observed API-key handling supports the package's stated multi-model runtime, not install-time exfiltration.
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/amicus.jsView on unpkg · L10Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
src/sidecar/electron-install.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/mcp-server.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/sidecar/interactive.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/sidecar/unzip.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/headless.jsView on unpkg