AI Security Review
scanned 1h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time or import-time attack surface was found. The package does contain first-party AI orchestration features that can expose project files and shell execution to configured model providers when users invoke the pipeline/direct backend.
Decision evidence
public snapshot- dist/run-DHHryElL.js exposes read_file/write_file/shell/grep/glob tools to LLM tool calls in direct backend
- dist/run-DHHryElL.js sends prompts/tool schemas to Anthropic/OpenAI/Gemini endpoints using env API keys
- dist/cli/index.js can scaffold .claude and .codex prompts/skills; --install-user-scope writes namespaced content to ~/.codex
- dist/cli/index.js prunes only substrate/bmad-owned prompt/skill entries before copying replacements
- package.json has no preinstall/install/postinstall lifecycle hooks
- dist/cli/index.js main only runs when invoked as CLI, not on package import
- Direct backend requires explicit pipeline/factory execution and provider API key env vars
- User-scope Codex install is gated by explicit --install-user-scope flag
- No credential harvesting or exfiltration endpoint beyond configured model provider APIs found
- No broad foreign AI-agent control-surface mutation at npm install time found
Source & flagged code
9 flagged · loading sourcePackage source references child process execution.
dist/manifest-read-BgZ6mR5R.jsView on unpkg · L8This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/run-DHHryElL.jsView on unpkgSource exposes local file and command tools to a remote model endpoint.
dist/run-DHHryElL.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/run-DHHryElL.jsView on unpkg · L15833Package source references a known benign dynamic code generation pattern.
dist/run-DHHryElL.jsView on unpkg · L31881Package source references dynamic require/import behavior.
dist/cli/index.jsView on unpkg · L1501Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/dist-DiNK6QOD.jsView on unpkg · L3Package ships non-JavaScript build or shell helper files.
dist/cli/templates/statusline.shView on unpkg