AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface was found. The unresolved risk is explicit user-command setup of AI-agent workflow files and terminal auto-approval settings for HubLaunch workflows.
Decision evidence
public snapshot- dist/commands/init.js user-invoked init copies bundled skills into .agents/skills and symlinks .claude/commands/*.md
- dist/commands/init.js can write .vscode/settings.json chat.tools.terminal.autoApprove patterns, default prompt initial true
- dist/templates/scripts/*.sh are copied executable to .github/scripts by init
- dist/commands/launch.js forwards configured API keys, GitHub token, and selected .env vars to configured HubLaunch server
- package.json has no preinstall/install/postinstall lifecycle hooks
- dist/index.js only registers CLI commands; no install-time execution
- dist/utils/env-vars.js blocks reserved env vars and only reads variables named in config or explicit envVars all from .env
- dist/services/hooks/HookExecutor.js validates hook paths under project root before running project hooks
- Network use is aligned with CLI purpose: HubLaunch server, GitHub OAuth/API, Anthropic model validation
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/utils/shell.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/config/index.jsView on unpkg · L67Source appears to send environment or credential material to an external endpoint.
dist/commands/init.jsView on unpkg · L99A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/commands/init.jsView on unpkg · L99Package source invokes a package manager install command at runtime.
dist/services/hooks/HookExecutor.jsView on unpkg · L130Package ships non-JavaScript build or shell helper files.
dist/templates/scripts/hula-fix-commit.shView on unpkg