AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package invokes an unguarded postinstall hook. It modifies Claude Code and Codex global MCP configuration to register a package-controlled server.
Decision evidence
public snapshot- `package.json` declares `postinstall: node scripts/postinstall.js`.
- `scripts/postinstall.js` unconditionally rewrites `~/.claude.json` to add `karajan-mcp`.
- It rewrites `~/.codex/config.toml` with an MCP server block.
- The injected server executes the package-local `src/mcp/server.js` via Node.
- Errors are swallowed, so installation completes even if mutation is partially hidden.
- No install-time network request or credential exfiltration was found in `scripts/postinstall.js`.
- The installed MCP command points to package-local source rather than a downloaded payload.
Source & flagged code
16 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
scripts/diet-baseline.mjsView on unpkg · L25Package source references dynamic require/import behavior.
packages/hu-board/src/boot-info.jsView on unpkg · L12Package source references weak cryptographic algorithms.
src/sonar/project-key.jsView on unpkg · L59Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/install.jsView on unpkgSource writes installer persistence such as shell profile or service configuration.
scripts/install.jsView on unpkg · L4Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
src/audit/basal-cost.jsView on unpkg · L76Package ships WebAssembly modules.
vendor/tree-sitter-grammars/python.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
scripts/install-binary.shView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
packages/hu-board/src/server.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
packages/ai-trash/src/git-snapshot.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
packages/hu-board/src/command-runner.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
packages/hu-board/src/plan-mutations.jsView on unpkg