AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack behavior is established. Explicit user commands can install this first-party deployment skill into agent-specific directories and configure a local Dirextalk bridge.
Decision evidence
public snapshot- `bin/dirextalk-deployer.mjs` explicitly copies the package into selected AI-agent skill directories, including `.codex`, `.claude`, and `.cursor`.
- `scripts/phases/s6_wire_local.sh` can install `dirextalk-connect@latest`, write bridge credentials/config, and start its service during user-run orchestration.
- `skill refresh` invokes `npm install -g dirextalk-deployer@latest` after an explicit CLI refresh request.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- The CLI runs only as the declared `dirextalk-deployer` binary; import-time execution is not established.
- Skill installation refuses unmanaged target directories unless the user supplies `--force`.
- Host-managed MCP paths require explicit operator readiness and state they do not mutate user-global host configuration.
- Reviewed network use targets the configured Dirextalk server, AWS, and declared GitHub release/source endpoints; no credential-harvesting or unrelated exfiltration endpoint was found.
- Updater download configuration is pinned to a version, commit, URL, and SHA-256 in `scripts/updater/release.env`.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/dirextalk-deployer.mjsView on unpkgPackage source references child process execution.
bin/dirextalk-deployer.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
bin/dirextalk-deployer.mjsView on unpkg · L411Package ships non-JavaScript build or shell helper files.
scripts/adopt-legacy-node.shView on unpkg