AI Security Review
scanned 4h ago · by lpm-firewall-ai
LPM treats this as a warn-only first-party agent extension lifecycle risk. The package has a high-risk lifecycle installer that mutates the user's home environment and starts/installs infrastructure without an explicit CLI action. The observed AI-agent control files are package-owned under ~/.overmind, so this is a guarded platform extension lifecycle risk rather than a confirmed hijack of a foreign agent surface.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.mjs.
- scripts/postinstall.mjs executes shell commands during install: docker pull/run, docker exec, and npm install -g overmind-postgres-mcp.
- scripts/postinstall.mjs downloads .env.example and .mcp.json.example from GitHub main at install time and writes them under ~/.overmind.
- scripts/postinstall.mjs creates ~/.overmind/.mcp.json from downloaded content, defining MCP servers for local HTTP endpoints.
- dist/lib/config.js defaults ClaudeRunner permissions to --dangerously-skip-permissions when the user invokes Claude agent runs.
- Install-time config is written under the package-owned ~/.overmind namespace, not directly to project .mcp.json, Claude/Codex/Cursor settings, or shell startup files.
- No credential exfiltration endpoint found; env/key handling is for local config validation and spawning configured agents.
- Agent runners and MCP endpoints are package-aligned orchestration functionality and mostly user-invoked after install.
- Agent names used in runner file paths are validated against path traversal.
Source & flagged code
13 flagged
Package defines install-time lifecycle scripts.
package.json · Install-time lifecycle script is not statically allowlisted and needs review.
package.json · Source file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/launch.cjs · Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/lib/InstallHelper.js · L1 · Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.mjs · L10 · Package source invokes a package manager install command at runtime.
scripts/setup-windows.js · L55 · Package ships non-JavaScript build or shell helper files.
bin/test_mcp.bat · Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/verify-install.mjs · Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/services/ClaudeRunner.js · Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/services/KiloRunner.js · Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/auto-install.mjs