AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time behavior is present. An explicit `prd-install` command can configure repo-local AI-agent integrations, including MCP and Claude hooks.
Decision evidence
public snapshot- `scripts/prd_install.py` performs repo-local agent integration when explicitly invoked.
- Installer copies `mcp/server.cjs` and adds a `prd-plugin` entry to `.mcp.json`.
- Installer additively writes `.claude/settings.json` for plugin enablement and hooks.
- Installer defaults to Codex, OpenCode, and Claude setup during `prd-install` execution.
- `package.json` defines no preinstall, install, postinstall, or prepare lifecycle hook.
- `index.js` only exports package-relative paths; importing it has no side effects.
- `bin/prd-install*.js` invokes fixed local Python scripts with `shell: false`.
- `mcp/server.cjs` is stdio JSON-RPC and only bridges fixed local scripts/state files.
- `scripts/prd_vectorsmith.py` is optional, config-controlled, and defaults to disabled mode.
- No credential harvesting, remote payload loading, destructive action, or covert exfiltration was found.
Source & flagged code
2 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.prd_plugin/hooks/prd_stop_guard.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.prd_plugin/hooks/prd_stop_guard.pyView on unpkg