AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface. The package is an AI/job-matching CLI that can, after explicit user prompts, modify Claude spinner/statusLine settings and register a terminalhire MCP server in supported hosts.
Decision evidence
public snapshot- install.js can write ~/.claude/settings.json spinnerVerbs/spinnerTipsOverride after typed yes
- statusline-install.js can copy launcher to ~/.terminalhire/statusline-launch.js and set ~/.claude/settings.json statusLine after typed yes
- dist/bin/mcp-config.js can merge terminalhire MCP entries into ~/.cursor/mcp.json or ~/.gemini/settings.json after prompts
- dist/bin/jpi-init.js orchestrates GitHub login, job cache fetch, Claude spinner/statusLine setup, and optional MCP setup
- dist/bin/jpi-dispatch.js includes commands that read ~/.claude/projects and can sync/profile/lead to terminalhire.com with user command flow
- package.json postinstall runs only postinstall.js, which prints a notice and exits without file writes or network
- install.js and statusline-install.js are guarded by interactive typed consent and no-op/abort on noninteractive input
- MCP config writer only touches detected Cursor/Gemini configs after per-host y/yes prompts and prints other host snippets instead of writing
- Network endpoints are package-aligned or expected public sources: terminalhire.com, github.com/api.github.com, job-board APIs
- Local tokens/profile are stored under ~/.terminalhire with encryption helpers; no import-time credential harvesting found
- No lifecycle-triggered unconsented mutation of foreign AI-agent control surfaces found
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/bin/jpi-chat.jsView on unpkg · L5086Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bin/jpi-chat.jsView on unpkg · L128This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/bin/jpi-dispatch.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/bin/jpi-dispatch.jsView on unpkg · L25761Package source references dynamic require/import behavior.
dist/bin/jpi-init.jsView on unpkg · L347A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/bin/jpi.jsView on unpkg · L5Source collects local host identity data and sends it to an external endpoint.
dist/bin/jpi-refresh.jsView on unpkg · L60Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/bin/jpi-sync.jsView on unpkg · L128