AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The npm `postinstall` automatically detects and mutates installed Cursor, Codex CLI, and Claude MCP configuration. It also may install/start a local daemon autostart path on Linux/WSL. This is an unconsented install-time mutation of broad foreign AI-agent control surfaces.
Decision evidence
public snapshot- `package.json` runs `node scripts/postinstall.js` during installation.
- `scripts/postinstall.js` invokes bootstrap automatically unless opt-out/CI guards apply.
- `lib/bootstrap/orchestrator.js` enables auto-configuration in install mode.
- `lib/harness/registry.js` targets Cursor, Codex CLI, Claude Code, and Claude Desktop.
- `lib/harness/paths.js` resolves foreign agent config paths such as `~/.codex/config.toml` and `~/.claude.json`.
- `lib/harness/write_all.js` writes MCP launch entries into detected agent configs.
- No install-time network API use was found; npm registry HTTPS is limited to explicit `terminal-commander update`.
- Child processes generally use `shell: false`; no dynamic eval or remote payload loading was found.
- Agent configuration is limited to package-owned MCP server stanzas and includes opt-out variables.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
bin/terminal-commanderd.jsView on unpkg · L11Source writes installer persistence such as shell profile or service configuration.
lib/daemon/autostart.jsView on unpkg · L11Package source invokes a package manager install command at runtime.
lib/wsl/native-mcp.jsView on unpkg · L37This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/terminal-commander.jsView on unpkg