AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package does expose explicit MCP tools that mutate Cursor skills/agents and share local Cursor content through GitHub or Bitbucket PRs, which is agent-extension lifecycle risk rather than install-time compromise.
Decision evidence
public snapshot- MCP tools copy bundled skills/agents into ~/.cursor or project .cursor paths on explicit tool calls: dist/application/install-cursor-skills.js, dist/application/install-cursor-agents.js.
- Share tools can read cursor-skills/cursor-agents from a project and open GitHub/Bitbucket PRs using host env credentials: dist/application/share-cursor-github.js, dist/adapters/driven/github.js, dist/adapters/driven/bitbucket.js.
- Runtime uses child_process execFileSync only for git remote/default-branch detection during share flow: dist/application/git-repo-detect.js.
- package.json has no preinstall/install/postinstall hook; prepare only runs husky and build for development/publish flows.
- Network use is package-aligned: Runrun.it API, Discord API, GitHub/Bitbucket PR APIs, optional Sentry with sanitization.
- Runrun.it credentials are sent only as headers to https://runrun.it/api/v1.0 in dist/adapters/driven/api.js.
- Cursor writes are explicit MCP tools, not import-time or install-time mutation, and destination checks require .cursor/skills or .cursor/agents.
- No confirmed credential harvesting, arbitrary remote payload execution, destructive persistence, or stealth exfiltration found.
Source & flagged code
6 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L1225Source executes local commands and sends command output to an external endpoint.
dist/index.jsView on unpkg · L1225A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L1225Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L2941Package source references dynamic require/import behavior.
dist/server.jsView on unpkg · L9