AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall-time prepare mutates the enclosing Git repository's hooks-path setting. Explicit update and compile commands can execute remote installer code or highly privileged external AI agents.
Decision evidence
public snapshot- `package.json` prepare runs `git config core.hooksPath .githooks` during lifecycle execution.
- `src/imprint/update.ts` pipes a remote GitHub installer to bash for compiled-binary updates.
- `src/imprint/claude-cli-compile.ts` launches Claude with `--permission-mode bypassPermissions`.
- `src/imprint/codex-cli-compile.ts` runs Codex with workspace-write and automated MCP approval.
- No preinstall/install/postinstall hook exists; the only lifecycle hook is prepare.
- `src/imprint/install.ts` changes MCP registrations only through explicit install/uninstall commands.
- `src/imprint/credential-store.ts` stores credentials in keyring or encrypted local files; inspected paths show no network upload.
- Network calls inspected are package update checks or user-selected website replay/automation, not hidden exfiltration.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
src/imprint/codex-cli-compile.tsView on unpkg · L9Package source references dynamic require/import behavior.
src/imprint/credential-store.tsView on unpkg · L533Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
src/imprint/replay-capture.tsView on unpkg · L14Package source invokes a package manager install command at runtime.
src/imprint/doctor.tsView on unpkg · L111This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/imprint/claude-cli-compile.tsView on unpkg