AI Security Review
scanned 9d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time script drops AI-agent control files into the current working directory. This can alter Claude Code agent behavior and project instructions without an explicit runtime command from the user.
Decision evidence
public snapshot- package.json runs postinstall: node .catalyst/bin/install.js
- install.js copies package .claude/agents, .claude/commands, .claude/skills into process.cwd()
- install.js overwrites existing .claude/agents after warning, without consent gate
- install.js writes AGENTS.md and .catalyst files into the target cwd
- Package ships Claude agent/control content under .claude/agents and .claude/skills
- No credential harvesting or exfiltration found in install.js
- Network use found only in optional .catalyst/voice/meet-server.js, not lifecycle
- Shell hooks are shipped but not copied by install.js
- Voice server reads local ElevenLabs key only when user starts meeting server
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
.catalyst/bin/install.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.claude/hooks/forge-session-rename.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.claude/hooks/forge-session-rename.shView on unpkg