AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is established. Explicit harness initialization can install a first-party Claude plugin and project-local agent/Git integrations.
Decision evidence
public snapshot- `bin/forge.mjs` auto-installs a Claude plugin under `~/.claude/skills/forge` during `init` when Claude is active.
- `template/.forge/scripts/lib/sync-adapters.mjs` materializes tool-specific project control files, including `.claude/settings.json`.
- `bin/forge.mjs` explicitly sets project Git `core.hooksPath` to `.forge/hooks/git` when none exists.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- CLI actions require explicit `init`, `update`, or `install-plugin` invocation.
- Inspected CLI, adapter sync, plugin builder, and hooks contain no network client, download, credential harvesting, or exfiltration path.
- Pre-tool hooks enforce naming, worktree location, and secret-leak prevention rather than execute remote payloads.
- Git hooks are project-local and preserve an existing custom `core.hooksPath`.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/forge.mjsView on unpkg · L188Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
template/.forge/hooks/pre-tool-use/check-language-policy.shView on unpkgPackage ships non-JavaScript build or shell helper files.
template/.forge/hooks/pre-tool-use/check-language-policy.shView on unpkg