AI Security Review
scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked setup CLI that can write agent MCP and Claude settings after explicit commands or prompts.
Decision evidence
public snapshot
- cli/lib/apply.mjs writes selected MCP entries to .mcp.json and Claude hooks/settings to .claude/settings.json.
- cli/lib/targets.mjs can write MCP config for Cursor, Gemini, opencode, Codex, and OpenClaw when requested by target.
- plugins/loadout/catalog/mcp.json includes npx -y ...@latest MCP server commands and remote HTTP MCP URLs.
- cli/lib/doctor.mjs uses execSync only for which/where dependency checks during doctor audits.
- package.json has no install/postinstall/prepare hook; only prepublishOnly runs tests for publishers.
- cli/index.js requires interactive selection or explicit --all/--yes/apply/doctor --fix before writing configs.
- Skill/reference catalog items are not auto-written; CLI prints install commands for the user to run.
- No credential harvesting or exfiltration logic found; token references are placeholders and warnings.
- Network endpoints are catalog homepages/MCP targets, not contacted by package code during import/install.
Source & flagged code
4 flagged

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
- cli/lib/doctor.mjs (view on unpkg): Package source invokes a package manager install command at runtime.
- cli/lib/doctor.mjs (view on unpkg) · L407