AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code mutates the consuming project, not just its own package directory. It drops an MCP configuration and enables a repository hook without explicit user invocation.
Decision evidence
public snapshot- `package.json` runs `bin/install-host.js --postinstall`.
- `bin/install-host.js` targets `INIT_CWD`/cwd and copies a broad scaffold during postinstall.
- The scaffold includes `.vscode`, which contains package-supplied MCP server commands.
- Postinstall configures local `core.hooksPath=.githooks`, creating post-commit persistence.
- `scripts/setup/setup-prerequisites.ps1` contains remote `Invoke-RestMethod | Invoke-Expression` for later bootstrap.
- Postinstall detects noninteractive execution and skips the interactive bootstrap path.
- Existing scaffold files are preserved unless `--force` is supplied.
- No credential exfiltration or lifecycle network endpoint was confirmed.
- LangSmith telemetry is disabled by default in `telemetry/config.json`.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/install-host.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/context/build-repomix.ps1View on unpkg