AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. User-invoked MulmoClaude startup provisions a Claude Code PostToolUse hook and project-scope skills inside the app workspace. This is agent extension/control-surface behavior, but it is package-aligned and not npm install-time hijacking.
Decision evidence
public snapshot- server/index.ts calls provisionDispatcherHook on user-invoked server startup
- server/workspace/hooks/provision.ts writes <workspace>/.claude/settings.json and .claude/hooks/mulmoclaude-dispatcher.mjs
- dispatcher handles PostToolUse Write/Edit/Bash and mirrors data/skills into .claude/skills
- server/agent/config.ts pre-allows broad Claude/MCP tools including Bash, Write, Edit, WebFetch, WebSearch, Skill
- package.json has no install/postinstall lifecycle hook
- bin/mulmoclaude.js only runs when CLI is invoked and binds UI to localhost
- hook writes are under the app workspace, default ~/mulmoclaude, not global ~/.claude
- sidecar hardens callback host/port and posts only to loopback/host.docker.internal with bearer token
- Firebase config is public project config; remote-host connect requires authenticated local API call
Source & flagged code
10 flagged · loading sourcePackage contains a high-severity secret pattern.
src/config/firebaseConfig.tsView on unpkg · L11Google API key in src/config/firebaseConfig.ts
src/config/firebaseConfig.tsView on unpkg · L11Package source references a known benign dynamic code generation pattern.
src/plugins/spreadsheet/engine/evaluator.tsView on unpkg · L336Package source references dynamic require/import behavior.
bin/mulmoclaude.jsView on unpkg · L21Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
client/assets/mermaid-parser.core-DC7NPJ_M-Ca6XzwfM.jsView on unpkg · L46Package ships non-JavaScript build or shell helper files.
sandbox-entrypoint.shView on unpkgPackage ships high-entropy non-source blobs.
client/assets/material-icons-kAwBdRge.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
client/assets/index-B3NxFcEH.jsView on unpkgPackage manifest contains a dependency pinned to a remote tarball URL.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
server/api/routes/config.tsView on unpkg