AI Security Review
scanned 4d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle mutates user-level AI-agent command, skill, plugin, and OpenCode permission surfaces. This is unconsented control-surface persistence outside the consuming project.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs launches audit and remediate postinstall deployers automatically
- scripts/audit/postinstall.mjs writes user AI-agent surfaces under ~/.codex, ~/.claude, ~/.config/opencode, and ~/.gemini
- scripts/remediate/postinstall.mjs writes analogous user AI-agent surfaces for remediate-code
- OpenCode agent configs grant read/glob/grep and command-specific bash/edit permissions during install
- Postinstall source assets come from package skills/prompts, not downloaded payloads
- No credential exfiltration or destructive filesystem behavior found in lifecycle scripts
- Runtime network endpoints are quota probes aligned with the audit/remediation orchestrator feature
- CLI wrappers delegate to packaged dist entries and require user invocation beyond install
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references dynamic require/import behavior. (wrapper/audit-code-wrapper-lib.mjs, line 203)
- Package source references weak cryptographic algorithms. (dist/audit/orchestrator/reviewPackets.js, line 68)
- This package version adds a dangerous source file absent from the previous stored version. (dist/shared/providers/spawnLoggedCommand.js)