AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. An explicit scaffold copies a package-owned Claude Code Stop hook into the generated project. The generated Android debug app also starts a loopback-only inspector that can return UI data and accept local tap requests.
Decision evidence
public snapshot- `template/.claude/settings.json` installs a Claude Stop hook that runs `node qa/receipt-check.mjs --hook` every turn.
- `template/qa/receipt-check.mjs` can exit 2 to block a Claude stop event when its project receipt is invalid.
- `template/composeApp/src/androidDebug/kotlin/com/example/app/inspector/InspectorHttpServer.kt` exposes debug screenshot/tree/tap controls.
- `package.json` has no `preinstall`, `install`, or `postinstall`; `prepublishOnly` is publisher-only.
- `bin/create-cmp.mjs` runs only after an explicit CLI invocation and imports local command modules.
- The hook and inspector are copied only into the user-selected scaffold target, not foreign existing agent configuration.
- Inspector binds loopback only and is confined to the Android debug source set.
- No source evidence of credential harvesting, secret exfiltration, remote payload loading, or stealth persistence.
Source & flagged code
5 flagged · loading sourcePackage ships non-JavaScript build or shell helper files.
template/gradlew.batView on unpkgPackage ships high-entropy non-source blobs.
template/gradle/wrapper/gradle-wrapper.jarView on unpkgPackage ships compressed or archive-like blobs.
template/gradle/wrapper/gradle-wrapper.jarView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
template/gradle/wrapper/gradle-wrapper.jarView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
template/qa/verify.mjsView on unpkg