AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installation silently modifies the host Claude Code and Codex MCP configurations. Those foreign agent control files register package-controlled code for later execution by the AI clients.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.js` automatically.
- `scripts/postinstall.js` overwrites/adds `karajan-mcp` in `~/.claude.json`.
- `scripts/postinstall.js` inserts an MCP server block into `~/.codex/config.toml`.
- The inserted configs execute package `src/mcp/server.js` via Node.
- The hook is non-interactive and suppresses failures, enabling silent persistence.
- No exfiltration endpoint or credential-harvesting behavior was confirmed in inspected lifecycle code.
- `packages/hu-board/src/server.js` defaults its web server to loopback.
- `packages/hu-board/src/command-runner.js` uses a fixed command whitelist.
Source & flagged code
16 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
scripts/diet-baseline.mjsView on unpkg · L25Package source references dynamic require/import behavior.
packages/hu-board/src/boot-info.jsView on unpkg · L12Package source references weak cryptographic algorithms.
src/sonar/project-key.jsView on unpkg · L59Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/install.jsView on unpkgSource writes installer persistence such as shell profile or service configuration.
scripts/install.jsView on unpkg · L4Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
src/audit/basal-cost.jsView on unpkg · L76Package ships WebAssembly modules.
vendor/tree-sitter-grammars/python.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
scripts/install-binary.shView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
packages/hu-board/src/server.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
packages/ai-trash/src/git-snapshot.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
packages/hu-board/src/command-runner.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
packages/hu-board/src/plan-mutations.jsView on unpkg