AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked scaffolder can install selected MCP servers into project or global AI-agent configuration through `add-mcp@latest`. It also posts anonymized CLI telemetry after project creation; no install-time attack surface is present.
Decision evidence
public snapshot- `dist/addons-setup-DR924M7b.mjs` runs `add-mcp@latest` to configure selected AI clients.
- MCP setup supports project or global scope and agents including Cursor, Claude Code, Codex, and VS Code.
- Selected MCP targets can be remote URLs or `npx ...@latest` commands.
- `dist/analytics-BXlOG6u6.mjs` sends opt-out telemetry to a Convex endpoint.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` hook.
- `dist/cli.mjs` only runs after the user invokes the CLI.
- MCP mutation is gated by the explicit `mcp` addon and interactive scope/agent selections.
- No credential harvesting, secret-file reads, eval/vm usage, native loading, or destructive behavior found.
- Telemetry strips project name and paths and documents an opt-out.
Source & flagged code
2 flagged · loading source`dist/addons-setup-DR924M7b.mjs` runs `add-mcp@latest` to configure selected AI clients.
dist/addons-setup-DR924M7b.mjsView on unpkg`dist/analytics-BXlOG6u6.mjs` sends opt-out telemetry to a Convex endpoint.
dist/analytics-BXlOG6u6.mjsView on unpkg