AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit installer commands modify AI-agent configuration and instruction files. The Claude target can register a prompt hook and broad cssgraph MCP permission; the Codex target registers a local stdio MCP server.
Decision evidence
public snapshot- `dist/bin/cssgraph.js` exposes explicit `install` and `uninstall` commands for AI-agent integration.
- `dist/installer/targets/codex.js` writes a `cssgraph` MCP subprocess entry to `~/.codex/config.toml` and inserts instructions into `~/.codex/AGENTS.md`.
- `dist/installer/targets/claude.js` can add a `UserPromptSubmit` hook running `cssgraph prompt-hook` and auto-allow `mcp__cssgraph__*`.
- `dist/installer/index.js` can run `npm install -g cssgraph`, but only after the interactive installer prompt.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- Installer code is reached only from explicit CLI `cssgraph install`/`uninstall` actions, not package import.
- No outbound network API usage or credential/environment exfiltration was found in distributed JavaScript.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/installer/index.jsView on unpkg · L52Package source invokes a package manager install command at runtime.
dist/installer/index.jsView on unpkg · L106Package source references a known benign dynamic code generation pattern.
dist/installer/index.jsView on unpkg · L60Package source references dynamic require/import behavior.
dist/project-config.jsView on unpkg · L43This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkg