AI Security Review
scanned 10d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malware or unconsented npm lifecycle execution was found. The package is an AI-agent messaging platform whose explicit installer mutates multiple agent control surfaces and can auto-refresh a Claude project skill from Patchcord's service, creating agent extension lifecycle risk.
Decision evidence
public snapshot- bin/patchcord.mjs user-invoked install writes global agent integrations for Claude, Codex, Kimi, Cursor/Windsurf/Gemini/Hermes.
- scripts/check-inbox.sh fetches /api/skills/{namespace}/{agent} and writes returned text to .claude/skills/patchcord-custom/SKILL.md.
- bin/patchcord.mjs installs Codex Stop hook in ~/.codex/hooks.json and Kimi SessionStart/Stop hooks in ~/.kimi-code/config.toml.
- bin/patchcord.mjs runs npm install -g patchcord@currentVersion and npx patchcord@latest for update command.
- scripts/subscribe.mjs maintains a background realtime listener and can POST wake messages to a Hermes webhook.
- package.json has no install/postinstall/preinstall lifecycle hook; setup is activated by explicit patchcord CLI invocation.
- Network calls are to package-aligned Patchcord endpoints for login, MCP, inbox, upload, realtime, provisioning, and schedules.
- Token/config readers are scoped to Patchcord MCP entries and include project-scoped safeguards for several tools.
- No evidence of credential harvesting beyond reading Patchcord bearer/account tokens from its own config locations.
- No destructive behavior against arbitrary user files; removals target stale Patchcord artifacts/cache entries.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/patchcord.mjsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/patchcord.mjsView on unpkg · L5Package source invokes a package manager install command at runtime.
bin/patchcord.mjsView on unpkg · L1379Package source references weak cryptographic algorithms.
scripts/lib/ws.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/kimi-subscribe.shView on unpkg