Interactive CLI to scaffold monorepo projects for onchain AI agents
LPM treats this as warn-only first-party agent extension lifecycle risk. The user-run scaffolder can configure MCP servers in a newly created project and provision user-supplied secrets to the advertised 1Claw API. No install-time attack surface or unconsented broad agent-control mutation is present.
Source appears to send environment or credential material to an external endpoint.
dist/cli.jsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10951Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L2018Package source references dynamic require/import behavior.
dist/cli.jsView on unpkg · L2396Source appears to send environment or credential material to an external endpoint.
dist/cli.jsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L2018Package source references dynamic require/import behavior.
dist/cli.jsView on unpkg · L2396A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10951