AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malware chain was found. The notable risk is an explicit user-command feature that installs first-party bundled AI-agent skills into Claude Code's skill directory.
Decision evidence
public snapshot- src/commands/skill.js implements explicit `bp-code skill install/remove` copying/removing bundled skills under default `~/.claude/skills`.
- skills/bp-install/SKILL.md documents installing package-provided skills into Claude Code skill directory.
- src/api/auth.js stores BP credentials and tokens in `~/.byteplan/.env.<env>` after user-invoked login.
- src/api/core.js hardcodes BytePlan endpoints `https://dev.byteplan.com` and `https://uatapp.byteplan.com`; src/api/logs.js uses `https://grafana.ops.byteplan.com`.
- src/archive.js uses `spawnSync` for local mkdir/cp during explicit page archive operations.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- CLI entrypoint only registers commander commands; no install-time or import-time payload execution found.
- Network calls are BytePlan/Grafana product APIs used by authenticated CLI commands, not arbitrary exfiltration endpoints.
- Credential reads/writes are documented login/config behavior under `~/.byteplan`, not hidden harvesting.
- No eval/vm/Function, native binary loading, obfuscation, or remote code download observed.
- Agent skill writes require explicit `bp-code skill install` command and copy bundled first-party skill files.
Source & flagged code
5 flagged · loading sourcesrc/commands/skill.js implements explicit `bp-code skill install/remove` copying/removing bundled skills under default `~/.claude/skills`.
src/commands/skill.jsView on unpkgskills/bp-install/SKILL.md documents installing package-provided skills into Claude Code skill directory.
skills/bp-install/SKILL.mdView on unpkgsrc/api/auth.js stores BP credentials and tokens in `~/.byteplan/.env.<env>` after user-invoked login.
src/api/auth.jsView on unpkgsrc/api/core.js hardcodes BytePlan endpoints `https://dev.byteplan.com` and `https://uatapp.byteplan.com`; src/api/logs.js uses `https://grafana.ops.byteplan.com`.
src/api/core.jsView on unpkgsrc/archive.js uses `spawnSync` for local mkdir/cp during explicit page archive operations.
src/archive.jsView on unpkg