AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code writes bundled AI-agent skills into the npm initiating workspace's `.agents` directory, overwriting matching files. The CLI repeats a guarded `.agents` initialization when explicitly run. No concrete exfiltration, remote execution, or destructive payload is present.
Decision evidence
public snapshot- `package.json` runs `node installSkills.js` as `postinstall`.
- `installSkills.js` recursively copies bundled `.agents` into `INIT_CWD/.agents` and overwrites existing files.
- `server.js` also initializes `.agents` in the current workspace when the CLI starts.
- Bundled `mikuplan` and `mikuwork` skills direct an AI agent to modify workspace planning/code files.
- No credential, environment-secret, or home-directory harvesting found.
- No child-process, shell, eval, dynamic code loading, or binary execution found.
- No network requests or exfiltration paths exist in Node sources.
- Server only exposes local state/task endpoints and writes workspace state files.
- External URLs in `public/index.html` are UI CDNs, not package-controlled payload delivery.
Source & flagged code
3 flagged · loading sourceTarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
server.jsView on unpkg