AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs the `mcp-user-system-install` bin, then launches the configured MCP server.
Impact
Adds an MCP server entry and persists the user-entered backend URL and access token in local MCP configuration.
Mechanism
Explicit MCP configuration mutation and authenticated wallet API requests.
Rationale
Source inspection found no malicious install hook or covert execution chain. The package still warrants a warning because an explicit installer persists credentials and registers an MCP command in an AI client configuration.
Evidence
package.jsoninstall.cjsdist/index.jsdist/env.jsdist/tools/wallet.js
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `install.cjs` explicitly writes a `user-system` entry into Claude Desktop MCP configuration.
- The installer stores caller-supplied `TUS_BASE_URL` and `TUS_ACCESS_TOKEN` in that MCP configuration.
- `dist/tools/wallet.js` sends the configured token as a Bearer header to the caller-configured base URL.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Configuration mutation occurs only when the separate `mcp-user-system-install` CLI is run interactively.
- Runtime exposes fixed wallet-read tools over stdio; no shell execution, dynamic code loading, or hidden network host is present.
Behavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/tools/wallet.jsView file
•Published source reference
Medium
Ai Review Evidence
`dist/tools/wallet.js` sends the configured token as a Bearer header to the caller-configured base URL.
dist/tools/wallet.jsView on unpkgFindings
5 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidencedist/tools/wallet.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings