AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack chain was found, but the package has substantial explicit-command lifecycle risk because its installer mutates AI-agent configuration and installs agent extensions. These actions are product-aligned but broad enough to warrant a warning.
Decision evidence
public snapshot- `npx arkaos install` is the default bin action and writes AI-agent config under `~/.claude`, `~/.codex`, `~/.gemini`, or `~/.cursor`.
- `installer/adapters/claude-code.js` overwrites Claude Code hook entries in `~/.claude/settings.json` to execute ArkaOS hook scripts.
- `installer/index.js` installs ArkaOS skills/agents into `~/.claude/skills` and `~/.claude/agents`, plus a background scheduler service.
- `installer/claude-plugins.js` registers a third-party Claude plugin marketplace and installs default Claude plugins during ArkaOS install/update.
- `installer/frontend-tooling.js` can register a Magic MCP and run `npx -y motion-ai` when Claude CLI and required key are present.
- `installer/graphify.js` may install `graphifyy` via `uv`/`pipx` and run `graphify install` as best-effort setup.
- `package.json` has no preinstall/install/postinstall hook; npm package installation alone does not trigger these mutations.
- The risky behavior is tied to explicit user commands such as `arkaos install`, `update`, `autostart`, or `dashboard`.
- No source evidence of credential harvesting or exfiltration; API keys are prompted or read for declared provider/tool setup and saved locally.
- Autostart/dashboard/scheduler persistence is visible product functionality, not hidden stealth persistence.
- The scanner secret hit in `departments/dev/skills/env-secrets/SKILL.md` is documentation containing example secret patterns, not a real credential.
- Network/API references are mostly package-aligned providers, local services, or package-manager installs.
Source & flagged code
8 flagged · loading sourcePackage contains a critical-looking secret pattern.
departments/dev/skills/env-secrets/SKILL.mdView on unpkg · L31AWS access key ID in departments/dev/skills/env-secrets/SKILL.md
departments/dev/skills/env-secrets/SKILL.mdView on unpkg · L31Package source references child process execution.
installer/frontend-tooling.jsView on unpkg · L17Package source invokes a package manager install command at runtime.
installer/frontend-tooling.jsView on unpkg · L7Source writes installer persistence such as shell profile or service configuration.
installer/autostart.jsView on unpkg · L13Package ships non-JavaScript build or shell helper files.
core/fusion/__init__.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
installer/cli.jsView on unpkg