AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The npm `postinstall` mutates a consuming project's broad MCP control configuration. It registers and enables the package's bundled executable as an MCP server without an explicit setup action.
Decision evidence
public snapshot- `package.json` runs `node scripts/postinstall.js` automatically on install.
- `scripts/postinstall.js` walks above `node_modules` to find the consumer workspace/project root.
- The postinstall script creates or merges the consumer project's `.mcp.json`.
- It inserts `mcpServers.gossipcat` that executes `node <package>/dist-mcp/mcp-server.js`.
- This enables the package as an MCP server without an explicit user setup command.
- The script preserves existing top-level fields and MCP server entries.
- No install-time network request or credential collection was found in `scripts/postinstall.js`.
- Bundled provider endpoints in `dist-mcp/mcp-server.js` support declared AI-provider functionality, not the install-time mutation.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
assets/hooks/discipline/pretool-signals-validate.shView on unpkgPackage ships high-entropy non-source blobs.
dist-dashboard/assets/Geist-Variable-jflMhO5d.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist-mcp/mcp-server.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist-mcp/mcp-server.jsView on unpkg