AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are aligned with a local Claude GUI/agent app and are activated by explicit CLI runtime use, not package install.
Decision evidence
public snapshot- package.json has no install/postinstall lifecycle hooks; only bin entry is bin/mulmoclaude.js.
- bin/mulmoclaude.js runs only when invoked, checks claude --version, starts local server, and polls/opens localhost.
- server/index.ts provisions Claude PostToolUse hooks at runtime for the app workspace, before spawning the Claude agent.
- server/workspace/hooks/provision.ts writes a bounded dispatcher entry it owns and preserves unrelated user hooks.
- server/workspace/hooks/dispatcher.ts only handles wiki snapshots, config refresh, and data/skills to .claude/skills mirroring.
- src/config/firebaseConfig.ts contains public Firebase web config, explicitly documented as non-secret.
Source & flagged code
10 flagged · loading sourcePackage contains a high-severity secret pattern.
src/config/firebaseConfig.tsView on unpkg · L11Google API key in src/config/firebaseConfig.ts
src/config/firebaseConfig.tsView on unpkg · L11Package source references a known benign dynamic code generation pattern.
src/plugins/spreadsheet/engine/evaluator.tsView on unpkg · L336This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/mulmoclaude.jsView on unpkgPackage source references dynamic require/import behavior.
bin/mulmoclaude.jsView on unpkg · L21Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
client/assets/mermaid-parser.core-DC7NPJ_M-Ca6XzwfM.jsView on unpkg · L46Package ships non-JavaScript build or shell helper files.
sandbox-entrypoint.shView on unpkgPackage ships high-entropy non-source blobs.
client/assets/material-icons-kAwBdRge.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
client/assets/marp-Dh7C24F1.jsView on unpkgPackage manifest contains a dependency pinned to a remote tarball URL.
package.jsonView on unpkg