AI Security Review
scanned 2h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The real risk is explicit first-party AI-agent extension setup that mutates Claude/Codex config and hooks when the user runs dreamcontext setup or install-skill.
Decision evidence
public snapshot
- dist/index.js installs first-party Claude/Codex skills, agents, root instructions, and hook config via explicit setup/install-skill commands
- dist/index.js writes .claude/settings.json and .codex/config.toml hooks that run npx dreamcontext hook commands
- install.sh one-line installer runs npm install -g dreamcontext@latest, optional app install, then dreamcontext setup/update
- dist/index.js can fetch desktop app releases from https://api.github.com/repos/meanllbrl/dreamcontext/releases/latest and download release assets after sha256 check
- package.json has no preinstall/install/postinstall lifecycle; only prepublishOnly build
- AI-agent control-surface writes are user-invoked CLI/setup behavior, not automatic npm install mutation
- Hook commands appear package-aligned: snapshot/session state, context injection, tool gating, dashboard open
- Tokens for ClickUp/GitHub/Meta are stored/read for configured integrations and masked/redacted; no source evidence of credential exfiltration
- Meta/GitHub network code is tied to explicit user commands/integrations, with dry-run and auth safeguards
Source & flagged code
11 flagged
- Package contains a critical-looking secret pattern.
  dist/dashboard/assets/subset-shared.chunk-Bin8VoC6.js · L22
- AWS access key ID in dist/dashboard/assets/subset-shared.chunk-Bin8VoC6.js
  dist/dashboard/assets/subset-shared.chunk-Bin8VoC6.js · L22
- Package source references a known benign dynamic code generation pattern.
  dist/dashboard/assets/BrainCanvas3D-8hG96aAi.js · L4114
- Package source references dynamic require/import behavior.
  dist/skill-packs/excalidraw/examples/style_board.js · L2
- Package source references weak cryptographic algorithms.
  dist/skill-packs/excalidraw/scripts/build_excalidraw.js · L8
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
  dist/dashboard/assets/percentages-BXMCSKIN-DckRvLSG.js · L108
- Google API key in dist/dashboard/assets/percentages-BXMCSKIN-DckRvLSG.js
  dist/dashboard/assets/percentages-BXMCSKIN-DckRvLSG.js · L2
- Package ships non-JavaScript build or shell helper files.
  dist/skill-packs/video-watching/scripts/transcribe.sh
- Package ships high-entropy non-source blobs.
  dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2
- Package contains source files above the static scanner size ceiling.
  dist/index.js
- Package contains an oversized executable-looking CLI entrypoint.
  dist/index.js