AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `clawnify ai-files install` can add Clawnify instructions, skills, and an MCP server entry to the current project. Explicit `clawnify execute` forwards provided code to Clawnify's authenticated remote MCP service. No install-time execution or unconsented broad agent-control mutation is present.
Decision evidence
public snapshot- `dist/cli-BBJGGLQP.js` implements `ai-files install`, which writes agent rules, skills, and `.mcp.json`.
- The installed MCP entry runs `npx clawnify --mcp`, extending detected Claude/Cursor/Codex-style project agents.
- `execute` sends user-supplied or user-selected TypeScript source to authenticated `mcp.clawnify.com`.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `dist/index.js` only imports CLI/MCP modules after a user invokes the bin.
- Agent-file mutation is limited to explicit `ai-files install`/`uninstall` commands in the current project.
- Auth tokens are used for the package's OAuth/API hosts; no unrelated credential harvesting or exfiltration path was found.
- Subprocess use is user-invoked Git, Vite, Wrangler, and Drizzle tooling; no hidden payload execution was found.
Source & flagged code
4 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/cli-BBJGGLQP.jsView on unpkg · L27A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli-BBJGGLQP.jsView on unpkg · L27Package source references child process execution.
dist/cli-BBJGGLQP.jsView on unpkg · L178Package source invokes a package manager install command at runtime.
dist/cli-BBJGGLQP.jsView on unpkg · L797