AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The npm package is a CLI wrapper that bootstraps and runs a Python MCP server from the package's upstream GitHub repo. It has dangerous user-invoked remote execution and agent/plugin setup capability, but no unconsented npm lifecycle mutation or confirmed malicious chain.
Decision evidence
public snapshot- run.js bin entrypoint bootstraps ~/.tdpilot by cloning https://github.com/dreamrec/TDPilot.git or downloading main.zip.
- run.js/plugin.js install uv by piping https://astral.sh/uv/0.6.10 installer to sh or PowerShell iex when uv is missing.
- run.js executes the downloaded checkout with uv run --directory ~/.tdpilot tdpilot.
- plugin.js explicit plugin-install adds dreamrec/TDPilot marketplace and installs tdpilot@dreamrec-TDPilot into Claude Code.
- package.json defines no preinstall/install/postinstall lifecycle scripts; risky behavior is user-invoked via bin/subcommands.
- Remote endpoints are package-aligned with declared repository/homepage and expected uv toolchain bootstrap.
- run.js pins git clones to latest reachable tag and only auto-updates when TDPILOT_AUTO_UPDATE=1.
- No credential harvesting, stealth persistence, destructive behavior, or exfiltration found in inspected package files.
Source & flagged code
3 flagged · loading sourceA package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
run.jsView on unpkg · L14