AI Security Review
scanned 2h ago · by lpm-firewall-ai
LPM treats this as a warn-only, first-party agent-extension lifecycle risk. No confirmed malicious attack surface was found, but the package carries user-invoked AI-agent extension lifecycle risk: it installs/updates its Claude Code plugin and runs Claude with broad permissions as part of documented GitHub automation.
Decision evidence
Evidence from public snapshot:
- dist/index.js install/update commands explicitly mutate the Claude plugin marketplace and install/update the claude-task-worker plugin.
- dist/index.js worker commands spawn claude with --dangerously-skip-permissions for GitHub issue/PR automation.
- dist/index.js usage command reads Claude credentials and calls https://api.anthropic.com/api/oauth/usage.
- dist/index.js can send task status and failed command output to a Slack webhook URL supplied by the user through an environment variable.
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly build.
- README.md documents Claude Code/GitHub automation, install/update, Slack webhook, and init behavior.
- dist/index.js plugin setup is triggered only by the user-invoked CLI commands install/update, not by npm lifecycle hooks.
- dist/index.js GitHub and Claude invocations are core package functionality, not hidden import-time behavior.
- No obfuscation, eval/vm, binary loading, or hardcoded exfiltration endpoint found.
Source & flagged code
4 flagged
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.js · L939
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.js · L951