AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit AI-agent extension layer that can register hooks/plugins across several agent config directories. This is a real lifecycle/control-surface risk, but source inspection did not show unconsented npm install-time mutation or exfiltration.
Decision evidence
public snapshot- package.json exposes bin pal -> src/cli/index.ts and lifecycle scripts prepare/uninstall, but no preinstall/install/postinstall hook.
- src/cli/index.ts pal cli install runs bun install/playwright install and imports target installers for Claude, opencode, Cursor, Copilot, Codex.
- src/targets/codex/install.ts writes ~/.codex/hooks.json, rules/default.rules, config.toml, and skills.
- src/targets/claude/install.ts, cursor/install.ts, copilot/install.ts, opencode/install.ts register PAL hooks/plugins/skills in agent config directories.
- src/hooks/lib/inference.ts can spawn claude/codex/opencode/copilot/cursor or call Anthropic/OpenAI APIs when user keys are configured.
- Agent config mutation is behind explicit pal cli install/init or uninstall, not npm install-time.
- .husky/install.mjs exits in production/no .git and only installs Husky for dev repos.
- Network endpoints are package-aligned or user-invoked: npm registry update check, model APIs, localhost Fyzz tool, Playwright local server.
- No source evidence of credential harvesting; API keys are read for configured model/tool calls and not printed.
- Uninstallers remove PAL-owned hooks/plugins and preserve existing user config via merge/unmerge/backups.
- Scanner child_process/shell hits are CLI/tool wrappers and agent integration logic, not hidden payload execution.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
assets/skills/playwright/tools/shot.tsView on unpkg · L14Package source references shell execution.
assets/skills/consulting-report/tools/dev.tsView on unpkg · L30Package source references dynamic require/import behavior.
assets/skills/consulting-report/tools/generate-pdf.tsView on unpkg · L87This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/cli/index.tsView on unpkgPackage source invokes a package manager install command at runtime.
src/cli/index.tsView on unpkg · L1057Package ships non-JavaScript build or shell helper files.
assets/statusline.ps1View on unpkg