claude-loadout@0.3.52

Profile your project and gear up your coding agent with the right MCP servers, skills, and hooks. Claude Code, Codex, Cursor, opencode, Gemini CLI & OpenClaw. A recommender + installer, not a list you read.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked setup CLI that can write agent MCP and Claude settings after explicit commands or prompts.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source
Trigger
User runs loadout CLI with selection, --all/--yes, apply, or doctor --fix
Impact
Adds selected MCP servers/hooks/settings to project or requested agent config files; may enable third-party tools chosen from the catalog.
Mechanism
explicit agent configuration writer
Rationale
Static inspection shows potentially sensitive agent-control writes are tied to explicit CLI workflows, not npm install/import-time execution, and the behavior matches the package's stated setup purpose. Scanner hits for child_process and package installation map to doctor PATH checks and catalog MCP launch commands rather than concealed malware.
Evidence
  • package.json
  • cli/index.js
  • cli/lib/apply.mjs
  • cli/lib/targets.mjs
  • cli/lib/manifest.mjs
  • cli/lib/doctor.mjs
  • plugins/loadout/catalog/mcp.json
  • .mcp.json
  • .claude/settings.json
  • .cursor/mcp.json
  • .gemini/settings.json
  • opencode.json
  • .codex/config.toml
  • ~/.openclaw/openclaw.json
  • .loadout.json
Network endpoints (3)
  • api.githubcopilot.com/mcp/
  • mcp.sentry.dev/mcp
  • opencode.ai/config.json

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • cli/lib/apply.mjs writes selected MCP entries to .mcp.json and Claude hooks/settings to .claude/settings.json.
  • cli/lib/targets.mjs can write MCP config for Cursor, Gemini, opencode, Codex, and OpenClaw when requested by target.
  • plugins/loadout/catalog/mcp.json includes npx -y ...@latest MCP server commands and remote HTTP MCP URLs.
  • cli/lib/doctor.mjs uses execSync only for which/where dependency checks during doctor audits.
Evidence against
  • package.json has no install/postinstall/prepare hook; only prepublishOnly runs tests for publishers.
  • cli/index.js requires interactive selection or explicit --all/--yes/apply/doctor --fix before writing configs.
  • Skill/reference catalog items are not auto-written; CLI prints install commands for the user to run.
  • No credential harvesting or exfiltration logic found; token references are placeholders and warnings.
  • Network endpoints are catalog homepages/MCP targets, not contacted by package code during import/install.
Behavioral surface
Source
ChildProcess, EnvironmentVars, Filesystem, Shell
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 10 file(s), 79.2 KB of source, external domains: github.com, opencode.ai

Source & flagged code

4 flagged
cli/lib/doctor.mjs
matchType = previous_version_dangerous_delta
matchedPackage = claude-loadout@0.3.46
matchedIdentity = npm:Y2xhdWRlLWxvYWRvdXQ:0.3.46
similarity = 0.700
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

cli/lib/doctor.mjs
L3: import { openclawConfigPath } from "./paths.mjs";
L4: import { execSync } from "node:child_process";
L5: import { loadCatalog } from "./catalog.mjs";
High
Child Process

Package source references child process execution.

cli/lib/doctor.mjs · L3
L73: findings.fix.push({
L74:   msg: "POSIX Ruff hook detected — re-run loadout on Windows to apply lint-python-on-edit-win (PowerShell, no jq)",
L75:   file: ".claude/settings.json",
High
Shell

Package source references shell execution.

cli/lib/doctor.mjs · L73
L407: msg: hasAuto
L408:   ? `Loadout would still suggest: ${names} — run npx claude-loadout doctor --fix`
L409:   : `Loadout would still suggest: ${names} — run npx claude-loadout doctor --fix for skill install steps`,
...
L415: const cmd = process.platform === "win32" ? `where ${name}` : `which ${name}`;
L416: execSync(cmd, { stdio: "ignore" });
L417: return true;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

cli/lib/doctor.mjs · L407

Findings

1 Critical · 3 High · 2 Medium · 5 Low
  • Critical · Previous Version Dangerous Delta · cli/lib/doctor.mjs
  • High · Child Process · cli/lib/doctor.mjs
  • High · Shell · cli/lib/doctor.mjs
  • High · Runtime Package Install · cli/lib/doctor.mjs
  • Medium · Environment Vars
  • Medium · Structural Risk Force Deep Review
  • Low · Non Install Lifecycle Scripts
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings