AI Security Review
scanned 5h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time behavior is high-risk but package-aligned: it provisions local MCP/database infrastructure and writes first-party Overmind config. No confirmed malicious exfiltration or foreign AI-agent control hijack was found.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs downloads .env.example and .mcp.json.example from raw.githubusercontent.com during install
- scripts/postinstall.mjs writes ~/.overmind/.env, ~/.overmind/.env.postgres, and ~/.overmind/.mcp.json
- scripts/postinstall.mjs can run docker pull/run and npm install -g overmind-postgres-mcp during lifecycle
- dist/lib/config.js defaults Claude permissions to --dangerously-skip-permissions for runtime agent execution
- dist/services/AgentManager.js and HermesProfileManager.js create agent prompts/configs under .claude or Hermes profile directories when invoked
- No import-time execution found beyond exported modules inspected
- Lifecycle writes are in the package-owned ~/.overmind namespace rather than Claude/Codex/Cursor global config
- Bundled .mcp.json.example points to localhost MCP servers only
- No credential harvesting or external exfiltration path confirmed in inspected source
- Agent/config writes require user-invoked MCP/CLI operations, not postinstall
Source & flagged code
13 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- bin/launch.cjs: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/lib/InstallHelper.js · L1: Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
- scripts/postinstall.mjs · L10: Install-time source drops package-supplied AI-agent/MCP control files or instructions.
- scripts/setup-windows.js · L55: Package source invokes a package manager install command at runtime.
- bin/test_mcp.bat: Package ships non-JavaScript build or shell helper files.
- scripts/verify-install.mjs: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/services/ClaudeRunner.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/services/KiloRunner.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- scripts/auto-install.mjs: Source file is highly similar to a previously finalized malicious package; route for source-aware review.