AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The notable risk is explicit user-command installation of a first-party Neodrop skill into Claude's skills directory, not an install-time hijack.
Decision evidence
public snapshot- lib/install-skill.mjs copies package SKILL.md and references/ into ~/.claude/skills/neodrop-cli on explicit install-skill command.
- SKILL.md instructs agents to route Neodrop requests through npx neodrop-cli.
- bin/neodrop.mjs login writes a PAT to ~/.neodrop/credentials.json after user browser approval.
- package.json has no preinstall/install/postinstall/prepare lifecycle scripts.
- Network calls in lib/api.mjs and lib/chat.mjs go to user-selected Neodrop API origins for tRPC and /api/chat.
- No child_process, eval, dynamic import, native binary loading, or obfuscated payload found in inspected source.
- Credential storage is package-aligned, chmod 0600, and used for authenticated user commands.
- Agent skill installation is not automatic at install/import time; it requires the explicit neodrop install-skill command.
Source & flagged code
2 flagged · loading sourcelib/install-skill.mjs copies package SKILL.md and references/ into ~/.claude/skills/neodrop-cli on explicit install-skill command.
lib/install-skill.mjsView on unpkgbin/neodrop.mjs login writes a PAT to ~/.neodrop/credentials.json after user browser approval.
bin/neodrop.mjsView on unpkg