AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package is a user-invoked AI CLI statusline installer that mutates Claude/Copilot user settings and installs its own copied engine, which creates agent extension lifecycle risk but not unconsented install-time hijack.
Decision evidence
public snapshot- lib/install.mjs writes user-level ~/.claude/settings.json and ~/.copilot/settings.json statusLine commands
- lib/install.mjs copies engine files into ~/.claude/moodline and ~/.copilot/moodline and may write ~/.claude/commands/moodline.md
- lib/commands/moodline.command.md is a Claude command template allowed to run moodline commands
- bin/moodline.js update invokes npm global install, but only from explicit moodline update command
- lib/moodline-core.mjs spawns detached --update-check and fetches npm registry update metadata
- package.json has no preinstall/install/postinstall lifecycle hooks
- Agent settings mutation is reached through explicit user commands such as init, enable, config, coauthor, or uninstall
- No credential harvesting or exfiltration logic found
- Network use is update/ad metadata to registry.npmjs.org and localhost OpenCode watch when user invokes watch
- child_process use is bounded to absolute node/npm/git paths with shell:false or fixed git args
- No eval/vm/Function, native binary loading, or destructive project-file behavior found
Source & flagged code
3 flagged · loading sourcePackage source invokes a package manager install command at runtime.
bin/moodline.jsView on unpkg · L48This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/moodline-core.mjsView on unpkg