AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates a host project during npm postinstall by copying AI-agent/MCP control files and agent instructions into INIT_CWD. This is an unconsented install-time write to a broad foreign AI-agent control surface.
Decision evidence
public snapshot- package.json defines postinstall: node ./bin/install-host.js --postinstall
- bin/install-host.js defaults targetDir to INIT_CWD/process.cwd and copies scaffoldEntries into host project
- scaffoldEntries include .vscode, AGENTS.md, scripts, policies, memory, orchestrator, and tooling
- packaged .vscode/mcp.json defines MCP servers: token-saver-mcp, codebase-memory-mcp, codegraph, gitnexus, repomix, graphify
- postinstall creates runtime dirs and repo-registry/repos.yml via scripts/intake/init-template-registry.ps1 in non-interactive npm installs
- bin/install-host.js skips host scaffold when target is packageRoot
- copyFile preserves differing existing files unless --force
- npm postinstall non-interactive path omits bootstrap and does not run setup-prerequisites.ps1
- No credential harvesting or exfiltration found in inspected entrypoints
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/install-host.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/context/build-repomix.ps1View on unpkg