AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an AI-agent project-memory CLI with explicit commands that install first-party hooks, MCP registrations, and skills. This is package-aligned but touches AI-agent control surfaces, so it is lifecycle-risk rather than malicious.
Decision evidence
public snapshot- dist/src/hooks.js installs Benjamin-owned session-start/session-stop commands into .claude, .codex, and .cursor hook files.
- dist/src/mcp-install.js can register a local benjamin-docs MCP server in Claude Code, Cursor, and Codex configs.
- dist/src/install-skill.js writes bundled skill text into agent skill directories under the user's home directory.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Agent config mutation is explicit CLI behavior: hooks install, mcp install, install-skill, init --hooks, or prompted init/upgrade.
- Hook and MCP entries run local benjamin-docs commands, not remote payloads or shell snippets.
- dist/src/fsx.js and project-config.js enforce relative in-root paths and reject symlinks for generated project files.
- dist/src/update-check.js only fetches package latest metadata from npm and caches version data; no credential/file exfiltration found.
- child_process use is limited to git status/diff helpers and detached self-spawn for update-cache.
Source & flagged code
2 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/update-check.jsView on unpkg · L1