AI Security Review
scanned 4h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Package is an AI agent framework that can install project agent entry files, hooks, MCP configs, skills, and background update hooks after explicit onboarding. The remaining risk is platform extension lifecycle behavior, especially auto-update from a registered agent SessionStart hook, not confirmed malware.
Decision evidence
public snapshot
- package.json defines postinstall: node runtime/scripts/postinstall.mjs
- runtime/hooks/silent-update.mjs runs npm view and may spawn npm install -g paqad-ai@latest && paqad-ai update --silent
- dist/cli/index.js generates agent hooks/configs for .claude/settings.json and .codex/hooks.json during onboard/update
- dist/cli/index.js writes provider MCP configs under .claude/.codex/.cursor/.vscode etc.
- dist/cli/index.js stores local RAG secrets in .paqad/secrets.env and chmods 0600
- postinstall only chmods shipped runtime .sh/.mjs files under runtime/hooks and runtime/scripts
- Agent config and hook registration are exposed through explicit paqad-ai onboard/update CLI flows, not package install
- No install-time credential harvesting, broad filesystem scan, or exfiltration found
- Remote AI/RAG calls use user-configured API keys and package-aligned providers
- Scanner secret hit is a documentation pattern file, not a committed credential
Source & flagged code
13 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package contains a critical-looking secret pattern. (runtime/capabilities/security/skills/cryptographic-review/references/crypto-weakness-patterns.md · L13)
- RSA private key in runtime/capabilities/security/skills/cryptographic-review/references/crypto-weakness-patterns.md (L11)
- RSA private key in runtime/capabilities/security/skills/cryptographic-review/references/crypto-weakness-patterns.md (L12)
- EC private key in runtime/capabilities/security/skills/cryptographic-review/references/crypto-weakness-patterns.md (L13)
- Package source references child process execution. (dist/rule-scripts/index.js · L503)
- Package source references dynamic require/import behavior. (runtime/graph-ui/assets/index-B7e9pFJw.js · L218)
- Source reaches cloud instance metadata or link-local credential endpoints. (dist/index.js · L523)
- Package source references weak cryptographic algorithms. (dist/index.js · L523)
- Package source invokes a package manager install command at runtime. (runtime/hooks/silent-update.mjs · L347)
- Package ships non-JavaScript build or shell helper files. (runtime/capabilities/security/skills/auth-mechanism-review/scripts/scan-auth-smells.sh)