AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package silently alters Claude Code and Codex global MCP configuration. Those clients will subsequently launch package-controlled Node code as an MCP server.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.js` on install.
- `scripts/postinstall.js` unconditionally writes `~/.claude.json`.
- It registers `karajan-mcp` to execute package `src/mcp/server.js`.
- It creates and modifies `~/.codex/config.toml` during install.
- The hook is non-interactive and suppresses failures.
- The registered MCP uses stdio; no postinstall network call is present.
- `src/mcp/server.js` is a normal MCP dispatcher rather than an encoded payload.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
scripts/diet-baseline.mjsView on unpkg · L25Package source references dynamic require/import behavior.
packages/hu-board/src/boot-info.jsView on unpkg · L12Package source references weak cryptographic algorithms.
src/sonar/project-key.jsView on unpkg · L59Source writes installer persistence such as shell profile or service configuration.
scripts/install.jsView on unpkg · L4Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
src/audit/basal-cost.jsView on unpkg · L76Package ships WebAssembly modules.
vendor/tree-sitter-grammars/python.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
scripts/setup-multi-instance.shView on unpkg