AI Security Review
scanned 7h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack was confirmed. Explicit CLI/template setup can install agent hooks and configure a project Codex MCP server.
Decision evidence
public snapshot- `templates/.claude/install-hooks.sh` copies executable hooks into `~/.claude` and merges hook settings.
- The template hook config contains command hooks that can constrain Claude Code tool use.
- `dist/cli/index.js` has explicit CLI paths that install tools and configure `.codex/config.toml`.
- CLI source references an external RTK installer URL and a Git-based ontology-rag install.
- `package.json` ships only `dist`, `templates`, and `packages/serve/build`; it does not ship `scripts/setup-hooks.sh`.
- No `preinstall`, `install`, or `postinstall` lifecycle hook is declared.
- The broad `~/.claude` mutation is confined to a template script, not an npm lifecycle hook.
- The compressed `.gz`/`.br` assets are normal static web-build artifacts, not a confirmed loader.
Source & flagged code
14 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L320Package source references weak cryptographic algorithms.
dist/index.jsView on unpkg · L320Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/cli/index.jsView on unpkg · L12257Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli/index.jsView on unpkg · L52Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L23829Package source references a known benign dynamic code generation pattern.
dist/cli/index.jsView on unpkg · L35055Package source references dynamic require/import behavior.
packages/serve/build/server/index.jsView on unpkg · L39Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
templates/.claude/install-hooks.shView on unpkgPackage ships non-JavaScript build or shell helper files.
templates/.claude/install-hooks.shView on unpkgPackage ships compressed or archive-like blobs.
packages/serve/build/client/favicon.svg.brView on unpkgPackage ships high-entropy non-source blobs.
packages/serve/build/client/_app/immutable/nodes/8.cA6N2D29.js.gzView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
packages/serve/build/server/chunks/16-CMB4iSTl.jsView on unpkg