AI Security Review
scanned 13h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious npm-install-time behavior was found. The package does perform explicit-user-command AI agent setup, including Claude hooks/plugins/MCP registration and local dashboard autostart support, which is a real agent extension lifecycle risk.
Decision evidence
public snapshot- installer/index.js explicit install writes AI runtime config and hooks under user config dirs
- installer/adapters/claude-code.js overwrites Claude Code hook arrays in settings.json
- installer/frontend-tooling.js registers Magic MCP and runs npx -y motion-ai during arkaos install/update
- installer/claude-plugins.js adds a third-party Claude plugin marketplace and installs default plugins
- installer/cli.js builds shell command strings from user args for models/index/search
- package.json has no preinstall/install/postinstall hook; only prepublishOnly test/version check
- installer actions are reached through user-invoked arkaos install/update/autostart commands, not npm install lifecycle
- departments/dev/skills/env-secrets/SKILL.md contains example secret regexes/placeholders, not live credentials
- Network/API URLs found are package-aligned provider/dashboard configs; no credential harvesting or exfiltration flow seen
- autostart persistence is opt-in via arkaos autostart enable
Source & flagged code
8 flagged · loading sourcePackage contains a critical-looking secret pattern.
departments/dev/skills/env-secrets/SKILL.mdView on unpkg · L31AWS access key ID in departments/dev/skills/env-secrets/SKILL.md
departments/dev/skills/env-secrets/SKILL.mdView on unpkg · L31Package source references child process execution.
installer/frontend-tooling.jsView on unpkg · L17Package source invokes a package manager install command at runtime.
installer/frontend-tooling.jsView on unpkg · L7Source writes installer persistence such as shell profile or service configuration.
installer/autostart.jsView on unpkg · L13Package ships non-JavaScript build or shell helper files.
core/conclave/persistence.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
installer/cli.jsView on unpkg