AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI setup installs package-owned hooks into four AI coding-agent configurations and creates a recurring heartbeat. Hooks parse local session metadata and transmit authenticated telemetry; the heartbeat can apply a server-pinned npm package update.
Decision evidence
public snapshot- `src/install.cjs` explicitly writes command hooks into Claude, Codex, Cursor, and Antigravity user configs.
- `src/connect.cjs` invokes hook registration and creates an hourly OS timer after user-run `attribut connect`.
- `src/timer.cjs` persists launchd, systemd-user, or Windows scheduled-task heartbeat execution.
- `src/collector.cjs` reads local AI-session artifacts and POSTs telemetry with a stored bearer token to `https://ingest.attribut.ai/v1/hook`.
- `src/update.cjs` can run `npm install -g attribut@<server-pinned-version>` from a heartbeat-directed update response.
- `package.json` has no npm preinstall, install, postinstall, or prepare lifecycle hook.
- Hook/config changes occur through explicit `attribut install` or `attribut connect`, not package installation.
- `src/collector.cjs` validates a bounded envelope and uses HTTPS by default.
- No eval, VM execution, arbitrary shell construction, credential harvesting, destructive deletion, or unrelated endpoint was found.
- Scheduler entries execute the package's own `heartbeat` command and have matching removal paths.
Source & flagged code
4 flagged · loading sourceSource writes installer persistence such as shell profile or service configuration.
src/timer.cjsView on unpkg · L15Package source invokes a package manager install command at runtime.
src/update.cjsView on unpkg · L21This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/backfill.cjsView on unpkg