AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack chain was found, but the package is an AI CLI statusline installer that mutates user-level Claude/Copilot agent configuration when explicitly run. It also performs package-aligned update checks and a user-invoked global self-update.
Decision evidence
public snapshot- User-invoked `moodline init/enable` writes `~/.claude/settings.json` and `~/.copilot/settings.json` statusLine commands in `lib/install.mjs`.
- `lib/install.mjs` copies engine files into `~/.claude/moodline` or `~/.copilot/moodline` and adds Claude slash command `commands/moodline.md`.
- `lib/moodline-core.mjs` spawns a detached self process for update checks and writes `.update.json`.
- `bin/moodline.js` has user-invoked `update` running global npm install via `spawnSync`.
- Network calls reach npm registry for `moodline/latest` and `jdi-cli/latest`; `watch` fetches a user-supplied/local OpenCode URL.
- `package.json` has no preinstall/install/postinstall lifecycle scripts.
- Agent config mutation is only through explicit CLI commands, not install-time import or npm lifecycle execution.
- Npm install target is constrained to `moodline@semver` or `moodline@latest`, package name is allowlisted, and `shell:false` is used.
- No credential/env harvesting or outbound exfiltration endpoints found.
- Git execution uses fixed absolute git candidates and validated cwd via `safeDir`.
- README documents the statusLine setup, copied engine, npm update checks, and JDI mention behavior.
Source & flagged code
3 flagged · loading sourcePackage source invokes a package manager install command at runtime.
bin/moodline.jsView on unpkg · L48This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/moodline-core.mjsView on unpkg