AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. dreamcontext is an AI-agent context CLI that can install Claude skills, agents, hooks, root instructions, and project state when the user runs setup/install commands. No unconsented lifecycle-time mutation or import-time attack behavior was confirmed.
Decision evidence
public snapshot- skill/SKILL.md declares alwaysApply hooks that run npx dreamcontext on SessionStart, Stop, SubagentStart, PreToolUse, UserPromptSubmit, PostToolUse, and PreCompact.
- dist/index.js contains explicit install paths for foreign Claude control surfaces: .claude/skills, .claude/agents, and .claude/settings.json.
- dist/index.js can install a git pre-commit hook via user-invoked dreamcontext mk hooks install.
- install.sh is a curl-style installer that runs npm install -g dreamcontext@latest, then may run dreamcontext setup interactively.
- package.json has no consumer install/postinstall/preinstall hook; only prepublishOnly runs build before publishing.
- Foreign agent-surface writes appear behind explicit CLI commands/setup or installer script, not automatic npm package installation/import.
- Token storage is documented as _dream_context/state/.secrets.json and config display masks tokens; no source evidence of credential exfiltration.
- Network endpoints found are product-aligned: npm version checks, GitHub/ClickUp/task sync, local dashboard, Meta API features, and optional app install/update.
- Bundled skill packs and agents are markdown/instructions; scanner secret/protestware hits are mostly documentation/examples.
Source & flagged code
12 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/dashboard/assets/subset-shared.chunk-Bin8VoC6.jsView on unpkg · L22AWS access key ID in dist/dashboard/assets/subset-shared.chunk-Bin8VoC6.js
dist/dashboard/assets/subset-shared.chunk-Bin8VoC6.jsView on unpkg · L22Package source references a known benign dynamic code generation pattern.
dist/dashboard/assets/BrainCanvas3D-8hG96aAi.jsView on unpkg · L4114Package source references dynamic require/import behavior.
dist/skill-packs/excalidraw/examples/style_board.jsView on unpkg · L2This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/skill-packs/excalidraw/scripts/build_excalidraw.jsView on unpkgPackage source references weak cryptographic algorithms.
dist/skill-packs/excalidraw/scripts/build_excalidraw.jsView on unpkg · L8Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/dashboard/assets/percentages-BXMCSKIN-DckRvLSG.jsView on unpkg · L108Google API key in dist/dashboard/assets/percentages-BXMCSKIN-DckRvLSG.js
dist/dashboard/assets/percentages-BXMCSKIN-DckRvLSG.jsView on unpkg · L2Package ships non-JavaScript build or shell helper files.
dist/skill-packs/video-watching/scripts/transcribe.shView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/index.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/index.jsView on unpkg