AI Security Review
scanned 1h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious behavior, but the package is an explicit agent-extension installer that writes project AI-agent config, .agent assets, and git hooks. This is package-aligned and user-invoked rather than npm lifecycle hijacking.
Decision evidence
public snapshot- bin/devbureau.js init copies .agent/ and starter .mcp.json into cwd on user command.
- bin/devbureau.js init runs .agent/scripts/install_hooks.py when .git/ exists.
- .agent/scripts/install_hooks.py writes .git/hooks/pre-commit and pre-commit.py.
- .agent/scripts/sync_ide.py can write AI IDE config files and merge .claude/settings.json hooks.
- package.json has no npm preinstall/install/postinstall lifecycle hooks.
- Agent/config mutation is activated by explicit devbureau CLI commands, not install-time execution.
- .mcp.json contains GitHub MCP URL only and no token or secret.
- No credential harvesting or exfiltration code found in inspected hot paths.
- Uninstall removes generated files by manifest and avoids touching .mcp.json/.claude/settings.json automatically.
Source & flagged code
2 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.agent/.shared/ui-ux-pro-max/scripts/design_system.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.agent/.shared/ui-ux-pro-max/scripts/design_system.pyView on unpkg