AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time hook mutates broad AI-agent MCP control surfaces without an explicit user command. It registers this package as an MCP server for Claude Desktop, Codex Desktop, and Claude Code.
Decision evidence
public snapshot- package.json defines postinstall running scripts/postinstall.cjs
- scripts/postinstall.cjs automatically runs CLI install-mcp unless PAAT_SKIP_INSTALL_MCP=1
- dist/src/cli/install-mcp.js writes %APPDATA%/Claude/claude_desktop_config.json
- dist/src/cli/install-mcp.js writes ~/.codex/config.toml MCP server entry
- dist/src/cli/install-mcp.js invokes claude mcp remove/add for Claude Code user config
- scripts/postinstall.cjs also stages dashboard binary and on Windows installs shortcut/autostart
- postinstall skips CI, transitive installs, and PAAT_SKIP_POSTINSTALL=1
- MCP entries point to this package CLI with args [index.js, mcp], not a remote payload
- existing Claude/Codex configs are backed up before writes
- no credential harvesting or external exfiltration endpoints found in inspected source
- browser automation is lane/profile-gated and localhost-oriented
- native dashboard binary is package-aligned but not deeply reverse engineered
Source & flagged code
6 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/src/core/pagejs.jsView on unpkg · L18Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
scripts/build-dashboard-tauri.cjsView on unpkg · L31This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/core/chrome.jsView on unpkg