AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface. The package explicitly sets up and launches a Claude Code multi-agent workflow with broad local file/git control, including an optional dangerous skip-permissions mode.
Decision evidence
public snapshot- core/workflow/agent.js generates TASK.md instructing Claude to run autonomously and execute npm run complete.
- core/workflow/agent.js offers recommended full-permission launch and runs claude --dangerously-skip-permissions when selected.
- init.js writes project package.json scripts, .workflow files, CLAUDE.md/.agents scaffolding, git hook, and runs npm install during explicit init.
- core/workflow/reset.js contains destructive reset path deleting worktrees, branches, remote repo via gh, and project files after confirmations.
- package.json has no preinstall/install/postinstall lifecycle hooks; bin is user-invoked init.js only.
- No credential harvesting or exfiltration logic found in inspected source.
- Network use is package-aligned: npm/PyPI version lookups, GitHub/gh/git remote operations, Claude signup/open commands.
- Runtime npm install targets generated project dependencies or explicit Claude Code CLI install prompt, not hidden payload loading.
- AI-agent files are first-party workflow scaffolding created by explicit multi-agents init/agent commands.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
core/workflow/reset.jsView on unpkg · L19Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
core/workflow/reset.jsView on unpkg · L22This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
core/workflow/agent.jsView on unpkgPackage source invokes a package manager install command at runtime.
core/workflow/agent.jsView on unpkg · L658