registry  /  mcp-efficiency-engine  /  0.1.10

mcp-efficiency-engine@0.1.10

Motor de orquestacion para agentes MCP con routing por dominio y bootstrap portable.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Npm postinstall mutates the consuming project rather than only this package. It installs package-controlled AI-agent instruction and MCP configuration surfaces in the host project without an explicit user command.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm installation, via the `postinstall` lifecycle hook.
Impact
A dependency install can impose package-authored instructions and MCP configuration on downstream AI agents and developer workflows.
Mechanism
recursive host-project scaffold of AI-agent control files and Git hooks
Policy narrative
On installation, `package.json` invokes `bin/install-host.js --postinstall`. The installer targets `INIT_CWD` or the current directory, recursively copies package content into that host project, including `AGENTS.md`, `.github/`, and `.vscode/`. Those artifacts establish package-authored AI-agent operating instructions and MCP configuration outside the dependency directory. It then configures a host-local Git hook path. This is unconsented postinstall mutation of a foreign, broad AI-agent control surface.
Rationale
Source inspection confirms the scanner finding: the install lifecycle writes package-authored AI-agent control artifacts into the consuming project. The preservation of existing files and lack of confirmed exfiltration do not remove the unconsented postinstall control-surface mutation.
Evidence
package.jsonbin/install-host.jsAGENTS.mdscripts/setup/install-project-hooks.ps1telemetry/config.json.github/.vscode/mcp.json.githooks/post-commit

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • `package.json` runs `bin/install-host.js --postinstall` automatically.
  • `bin/install-host.js` selects `INIT_CWD`/cwd as host target and recursively copies package files.
  • Postinstall drops `AGENTS.md`, `.github/`, and `.vscode/` into the host project.
  • Dropped `AGENTS.md` supplies mandatory AI-agent routing, tool, and execution rules.
  • Postinstall also configures host-local Git hooks via `scripts/setup/install-project-hooks.ps1`.
Evidence against
  • Existing target files are preserved unless `--force` is supplied.
  • LangSmith export is disabled by default in `telemetry/config.json`.
  • No hard-coded network endpoint or credential-exfiltration path was confirmed.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 17.0 KB of source

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./bin/install-host.js --postinstall
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./bin/install-host.js --postinstall
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/install-host.jsView file
1Install-time AI-agent control hijack evidence: L27: "tooling", L28: "AGENTS.md", L29: "ARCHITECTURE.md", ... L148: function ensureDir(dirPath) { L149: fs.mkdirSync(dirPath, { recursive: true }); L150: } ... L163: L164: fs.copyFileSync(sourcePath, targetPath); L165: return { copied: true, skipped: false, reason: "copied" }; Payload evidence from AGENTS.md: L1: <!-- markdownlint-disable MD013 --> L2:
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

bin/install-host.jsView on unpkg · L1
scripts/context/build-repomix.ps1View file
path = scripts/context/build-repomix.ps1 kind = build_helper sizeBytes = 64 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/context/build-repomix.ps1View on unpkg

Findings

1 Critical1 High4 Medium2 Low
CriticalAi Agent Control Hijackbin/install-host.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumShips Build Helperscripts/context/build-repomix.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem