AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Risky primitives are aligned with a local project-memory CLI and are activated by explicit CLI use or agent hooks installed by that CLI, not npm install.
Decision evidence
public snapshot- User-invoked commands can write AI-agent hook/skill files: dist/src/hooks.js, dist/src/install-skill.js.
- Session-start may spawn detached node for update-cache: dist/src/update-check.js.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- bin entry dist/src/cli.js dispatches explicit CLI commands; no import-time mutation found.
- dist/src/hooks.js installs only benjamin-docs session-start/session-stop commands and preserves/removes marked entries.
- dist/src/fsx.js constrains generated project paths under the project root and rejects symlinks.
- dist/src/update-check.js only fetches npm latest metadata and caches version JSON under .benjamin-docs/update-check.json.
- dist/src/git.js child_process usage is limited to fixed git commands for drift/export status.
Source & flagged code
3 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/update-check.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/update-check.jsView on unpkg