AI Security Review
scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is a CLI that explicitly installs OpenSpec/Playwright E2E support into Claude Code or OpenCode projects. It mutates agent/editor command and MCP configuration only when user commands such as init/update/uninstall are run.
Decision evidence
public snapshot
- dist/commands/init.js writes editor commands, Playwright templates, credentials.yaml, AGENTS.md/CLAUDE.md during explicit init.
- dist/commands/editors.js can run `claude mcp add/remove` and edit opencode.json(c) MCP/instructions.
- dist/shared/mcp.js installs `playwright` MCP command `npx @playwright/mcp@latest`.
- dist/commands/update.js can run npm install/pack and refresh commands/templates/rules on explicit update.
- dist/commands/mcpSync.js and dist/utils/mcp-tools.js fetch @playwright/mcp metadata/tarballs and rewrite SKILL.md tool tables.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build.
- bin/openspec-pw.js only restores caller cwd then imports CLI dispatcher.
- Agent/editor config mutation is tied to user-invoked init/update/uninstall commands, not install-time execution.
- Network/package-manager use is package-aligned: version checks, self-update, OpenSpec/Playwright MCP setup.
- No credential harvesting or exfiltration found; env vars are used for test credentials/base URL templates.
Source & flagged code
4 flagged
- Package source references child process execution. (dist/utils/mcp-tools.js · L5)
- Package source invokes a package manager install command at runtime. (dist/commands/coverage.js · L278)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (dist/commands/editors.js)