AI Security Review
scanned 4d ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. Confirmed install-time mutation of AI-agent control surfaces in the user's home directory. The lifecycle hook installs global commands, skills, plugin manifests, and OpenCode permissions without an explicit runtime command from the operator.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.mjs.
- scripts/postinstall.mjs runs audit and remediate postinstall child scripts at install time.
- scripts/audit/postinstall.mjs writes global Claude/Codex/OpenCode/Antigravity agent assets under homedir.
- scripts/audit/postinstall.mjs seeds OpenCode auditor permissions, including an external_directory '*' allow rule and broad bash allow rules.
- scripts/remediate/postinstall.mjs writes global remediator commands/skills and OpenCode config.
- scripts/postinstall.mjs may update the consuming repository's .gitignore and probes gh repo view.
- No credential harvesting or exfiltration endpoint found in inspected install scripts.
- RuntimeCommand.js only runs operator-provided validation commands and strips Claude Code env vars.
- Bin wrappers delegate to package dist or build/package CLI behavior.
- Network URLs observed are repository/homepage metadata, not exfiltration endpoints.
Source & flagged code
5 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- wrapper/audit-code-wrapper-lib.mjs (line 203): Package source references dynamic require/import behavior.
- dist/audit/orchestrator/reviewPackets.js (line 68): Package source references weak cryptographic algorithms.
- dist/audit/orchestrator/runtimeCommand.js: This package version adds a dangerous source file absent from the previous stored version.