AI Security Review
scanned 3d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface is established. Residual risk is user-invoked execution of an unverified first-party native binary downloaded from GitHub Releases, plus explicit CLI-managed MCP/git hook setup described in docs.
Decision evidence
public snapshot- dist/bin/codeseek.js downloads a GitHub Release binary to ~/.codeseek/bin on first CLI run and executes it via spawnSync.
- dist/install/download.js fetches platform binaries over HTTPS without checksum/signature verification.
- dist/bin/codeseek.js prompts for an API token and writes it to ~/.codeseek/config.json.
- README.md documents explicit user commands that register MCP config for Claude Code/Codex and install git hooks.
- package.json postinstall only requires dist/install/download.js; that module exports downloadBinary and has no top-level download or execution.
- No install-time mutation of Claude/Codex config or git hooks found in shipped JS.
- No JS evidence of credential exfiltration, destructive behavior, eval/vm/Function, or persistence.
- Network endpoints are aligned with documented binary download and user-configured embedding providers.
Source & flagged code
2 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg