AI Security Review
scanned 1d ago · by lpm-firewall-ai

The package is a user-invoked AI-agent setup CLI that recommends and writes MCP and Claude hook configuration. The agent-control writes are explicit CLI behavior, not npm install-time mutation, and no exfiltration or stealth persistence was found.
Decision evidence
public snapshot
- cli/lib/apply.mjs can write selected MCP entries to .mcp.json and hooks/settings to .claude/settings.json
- cli/lib/targets.mjs can write MCP config for Cursor, Gemini, opencode, Codex, and OpenClaw targets
- plugins/loadout/catalog/mcp.json includes user-invoked npx/uvx MCP server commands, some with @latest
- plugins/loadout/catalog/hooks.json contains Claude Code hook commands that run formatters/guards on agent events
- package.json has no install/postinstall lifecycle; prepublishOnly is publisher-side npm test only
- cli/index.js gates writes behind interactive selection, --all, doctor --fix, apply, or target flags
- cli/lib/doctor.mjs uses execSync only for local which/where dependency checks
- No source evidence of credential harvesting, exfiltration, remote payload fetch/execute, or destructive persistence
- Skill/community entries are presented as manual install commands rather than auto-written
Source & flagged code
4 flagged

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/lib/doctor.mjs: Package source invokes a package manager install command at runtime.
cli/lib/doctor.mjs, line 447