AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface. The real risk is explicit CLI-driven agent extension registration and local credential/browser replay capability, which is package-aligned but sensitive.
Decision evidence
public snapshot- src/imprint/install.ts writes MCP registrations for Claude Desktop/OpenClaw/Hermes configs and invokes claude/codex MCP registration commands.
- src/imprint/mcp-maintenance.ts can disable/delete/restore existing imprint-* MCP registrations.
- src/imprint/update.ts has user-invoked update paths that fetch npm metadata and may run bun global install or a GitHub install script.
- src/imprint/credential-store.ts stores site credentials/cookies locally in OS keyring or encrypted file for runtime replay.
- package.json has only a prepare script: git config core.hooksPath .githooks; no preinstall/install/postinstall hook.
- src/cli.ts dispatches install/uninstall/mcp/update/credential behavior only after explicit CLI verbs.
- MCP config mutations are first-party imprint-* registrations selected by user/platform prompts or CLI flags, not broad unconsented takeover.
- Credential code is local storage/replay support; no source path found that exfiltrates credential store contents.
- Network use is package-aligned: target-site replay, npm update check, optional push notifications, and LLM provider calls.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
src/imprint/codex-cli-compile.tsView on unpkg · L9Package source references dynamic require/import behavior.
src/imprint/credential-store.tsView on unpkg · L557Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
src/imprint/replay-capture.tsView on unpkg · L14Package source invokes a package manager install command at runtime.
src/imprint/doctor.tsView on unpkg · L111This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/imprint/audit.tsView on unpkg