AI Security Review
scanned 1d ago · by lpm-firewall-ai
No confirmed malicious attack surface. The package is a documented, user-invoked recommender/installer for AI-agent MCP and Claude settings; writes are gated by CLI commands and prompts rather than by npm lifecycle scripts.
Decision evidence
public snapshot
- User-invoked CLI can write agent configs: .mcp.json, .claude/settings.json, .cursor/mcp.json, .gemini/settings.json, opencode.json, .codex/config.toml, ~/.openclaw/openclaw.json.
- Catalog includes MCP entries launched via npx/uvx, some at the @latest tag, but these are written only after interactive selection, --all, --fix, or apply commands.
- cli/lib/doctor.mjs uses execSync only for local PATH checks via which/where.
- package.json has no install/postinstall/prepare hook; prepublishOnly runs tests only for publishing.
- cli/index.js defaults to preview plus interactive prompt; non-TTY requires --all to apply.
- Skills/reference entries are returned as manual install commands, not auto-written.
- No credential harvesting or exfiltration code found; token strings are placeholders reported back to the user.
- No remote code download/eval/vm/native binary loading found in package source.
Source & flagged code
4 flagged
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/lib/doctor.mjs: Package source invokes a package manager install command at runtime.
cli/lib/doctor.mjs · L447