AI Security Review
scanned 11d ago · by lpm-firewall-aiThe package has powerful user-invoked agent-memory installation and linking behavior, including Claude hook wiring and agent instruction files. Inspection found this behavior disclosed and aligned with the package purpose rather than an unconsented lifecycle mutation.
Decision evidence
public snapshot- bin/klypix-install.mjs explicitly writes scripts into ~/.claude/project-brain and rewrites ~/.claude/settings.json hooks for SessionStart, UserPromptSubmit, Stop, and PostToolUse.
- src/global-brain-hook.mjs is installed as a Claude Code hook and can read prompts/session events, run git commands, and write project .claude state plus brain files.
- src/agent-rules.mjs linkProject writes AGENTS.md and multiple agent rule/MCP config files instructing agents to read/write the project brain automatically.
- package.json has no npm lifecycle hooks; install/link/init actions are user-invoked CLIs, not automatic on npm install/import.
- bin/klypix-install.mjs reports actions, backs up settings, refuses invalid settings JSON, and wires commands to package-owned local hook files.
- Network use found is package-aligned: npm version checks when requested and local A2A HTTP server on 127.0.0.1; no credential exfiltration endpoint found.
- bin/klypix-mcp.mjs exposes MCP tools for local .klypix canvas/brain read-write operations, matching the package description.
- src/klypix-core.mjs limits default vault/canvas operations to local files and optional local HuggingFace embedding cache; no destructive payload observed.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
src/klypix-core.mjsView on unpkg · L157Package source references weak cryptographic algorithms.
src/klypix-core.mjsView on unpkg · L8This package version adds a dangerous source file absent from the previous stored version.
bin/klypix-mcp.mjsView on unpkg