registry  /  neodrop-cli  /  1.2.0

neodrop-cli@1.2.0

Neodrop (neodrop.ai) CLI — let your AI agent (Claude Code / Cursor / Codex) browse channels, read posts, manage subscriptions, create channels and chat with Neodrop's AI assistants as you. stdout is always valid JSON. npx neodrop-cli login and go.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The notable risk is explicit user-command installation of a first-party Neodrop skill into Claude's skills directory, not an install-time hijack.

Static reason
No blocking static signals were detected.
Trigger
User runs neodrop install-skill or npx neodrop-cli install-skill; API access requires user-run commands such as login/chat/api.
Impact
Warn-level agent extension lifecycle risk; no evidence of stealth persistence, exfiltration, or remote payload execution.
Mechanism
explicit CLI API client plus optional first-party agent skill copy
Rationale
Source inspection supports a warn-level lifecycle risk for explicit first-party agent skill setup, but not malicious behavior. Network and credential operations are aligned with the CLI's documented Neodrop functionality and are user-invoked.
Evidence
package.jsonbin/neodrop.mjslib/api.mjslib/chat.mjslib/credentials.mjslib/install-skill.mjslib/origins.mjsSKILL.md~/.neodrop/credentials.json~/.neodrop/credentials.json.tmp~/.claude/skills/neodrop-cli/SKILL.md~/.claude/skills/neodrop-cli/references/
Network endpoints4
neodrop.aiapi.neodrop.ailocalhost:4001localhost:3001

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • lib/install-skill.mjs copies package SKILL.md and references/ into ~/.claude/skills/neodrop-cli on explicit install-skill command.
  • SKILL.md instructs agents to route Neodrop requests through npx neodrop-cli.
  • bin/neodrop.mjs login writes a PAT to ~/.neodrop/credentials.json after user browser approval.
Evidence against
  • package.json has no preinstall/install/postinstall/prepare lifecycle scripts.
  • Network calls in lib/api.mjs and lib/chat.mjs go to user-selected Neodrop API origins for tRPC and /api/chat.
  • No child_process, eval, dynamic import, native binary loading, or obfuscated payload found in inspected source.
  • Credential storage is package-aligned, chmod 0600, and used for authenticated user commands.
  • Agent skill installation is not automatic at install/import time; it requires the explicit neodrop install-skill command.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 41.6 KB of source, external domains: github.com, neodrop.ai

Source & flagged code

2 flagged · loading source
lib/install-skill.mjsView file
Published source reference
Medium
Ai Review Evidence

lib/install-skill.mjs copies package SKILL.md and references/ into ~/.claude/skills/neodrop-cli on explicit install-skill command.

lib/install-skill.mjsView on unpkg
bin/neodrop.mjsView file
Published source reference
Medium
Ai Review Evidence

bin/neodrop.mjs login writes a PAT to ~/.neodrop/credentials.json after user browser approval.

bin/neodrop.mjsView on unpkg

Findings

5 Medium3 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencelib/install-skill.mjs
MediumAi Review Evidence
MediumAi Review Evidencebin/neodrop.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings