registry  /  idea-gauntlet  /  0.2.5

idea-gauntlet@0.2.5

Stress-test product ideas with adversarial agents, synthetic users, and court-style critique.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The npm postinstall hook automatically mutates detected Claude, Codex, and Cursor control/config locations. It installs package-authored agent instructions and MCP configuration before any explicit CLI command.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install / postinstall
Impact
Alters broad AI-agent behavior/configuration and installs Chromium tooling without explicit user consent.
Mechanism
Automatic global AI-agent configuration and browser-runtime installation
Policy narrative
On installation, the manifest invokes dist/postinstall.js, which downloads Playwright Chromium and calls global setup. Global setup detects user-wide Claude, Codex, and Cursor directories, then writes agent instructions/configuration and can add an idea-gauntlet MCP entry to a Claude configuration file. These changes occur without an explicit idea-gauntlet install command or interactive approval, constituting unconsented postinstall mutation of broad AI-agent control surfaces.
Rationale
Direct inspection confirms an automatic install-time chain that writes package-authored configuration into foreign AI-agent directories. This meets the firewall block boundary regardless of otherwise user-invoked analysis networking.
Evidence
package.jsondist/postinstall.jsdist/chunk-6OHN2SBA.jsdist/chunk-DYZHO4EE.jsdist/cli/index.jsdist/chunk-XGVIJ7L7.jsAGENTS.md.codex/config.toml.cursor/rules/idea-gauntlet-*.mdcclaude_desktop_config.jsonmcp-config.jsoninstall-manifest.json

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • package.json runs dist/postinstall.js on npm install.
  • dist/postinstall.js calls globalSetup({ mode: "install" }) without confirmation.
  • dist/chunk-6OHN2SBA.js detects standard Claude, Codex, and Cursor home/config paths.
  • dist/chunk-6OHN2SBA.js writes AGENTS.md, .codex/config.toml, Cursor rules, and Claude MCP config.
  • dist/postinstall.js executes npx playwright install chromium.
Evidence against
  • Network provider/search calls are in user-invoked CLI analysis paths, not postinstall.
  • Setup preserves differing existing generated files unless --force is supplied.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 285 KB of source, external domains: api.github.com, api.openai.com, cdn.jsdelivr.net, google.serper.dev, hn.algolia.com, html.duckduckgo.com, news.ycombinator.com, www.producthunt.com, www.w3.org

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "try{require('fs').accessSync('dist/postinstall.js');require('child_process').execSync('node dist/postinstall.js',{stdio:'inherit'})}catch(e){process.exit(0)}"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "try{require('fs').accessSync('dist/postinstall.js');require('child_process').execSync('node dist/postinstall.js',{stdio:'inherit'})}catch(e){process.exit(0)}"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/postinstall.jsView file
7// src/postinstall.ts L8: import { execSync } from "child_process"; L9: async function runPostinstall() {
High
Child Process

Package source references child process execution.

dist/postinstall.jsView on unpkg · L7
11try { L12: execSync("npx playwright install chromium", { L13: stdio: "ignore",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/postinstall.jsView on unpkg · L11

Findings

1 Critical4 High3 Medium5 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/postinstall.js
HighShell
HighRuntime Package Installdist/postinstall.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings