AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit agent-extension installer and runtime hook bundle. It can write project-local agent configuration and run local hook scripts after a user installs/enables it.
Decision evidence
public snapshot- `bin/prd-install.js` explicitly runs the bundled Python installer.
- `scripts/prd_install.py` installs package scripts and configures `opencode.json`.
- `.codex/hooks.json` registers command hooks that run bundled Python files on agent events.
- `.opencode/plugins/prd-hooks.js` invokes installed hook scripts and can block `git commit`.
- `mcp/server.cjs` runs installed Python helpers through a local stdio MCP server.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- Entrypoints require explicit CLI or MCP/agent activation; no import-time execution was found.
- Process launches use fixed local interpreters/scripts with `shell: false` in the npm CLI wrappers.
- No credential harvesting, hardcoded exfiltration endpoint, remote payload download, or obfuscated binary payload was found.
- The flagged hidden hook is readable Python source, not a concealed payload.
Source & flagged code
2 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.prd_plugin/hooks/prd_stop_guard.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.prd_plugin/hooks/prd_stop_guard.pyView on unpkg