AI Security Review
scanned 6h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install lifecycle performs broad setup for an AI/MCP platform, including home-directory MCP config, remote config fetches, global npm install, and a persistent Docker Postgres service. This is risky and consent-sensitive but source evidence points to package-aligned setup rather than confirmed malware.

Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs creates ~/.overmind/.env, .env.postgres, .mcp.json
- scripts/postinstall.mjs downloads .env.example and .mcp.json.example from raw.githubusercontent.com during install
- scripts/postinstall.mjs runs docker pull/run with --restart unless-stopped and npm install -g overmind-postgres-mcp
- dist/lib/config.js defaults Claude permissions to --dangerously-skip-permissions
- .mcp.json.example only points to localhost MCP URLs, not external C2
- Writes are under first-party ~/.overmind namespace rather than Claude/Codex/Cursor global config
- Claude execution and .claude agent files are runtime/user-invoked, not import-time
- No credential exfiltration endpoint found in inspected source
- No obfuscated payload, eval/vm, or native binary loading found in reviewed hot files
Source & flagged code
9 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (dist/lib/InstallHelper.js · L1)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.mjs · L10)
- Package source invokes a package manager install command at runtime. (scripts/setup-windows.js · L55)
- Package ships non-JavaScript build or shell helper files. (bin/test_mcp.bat)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (dist/services/ClaudeRunner.js)