Run 1300 web accessibility tests from 10 tools and get a standardized report
LPM treats this as warn-only first-party agent extension lifecycle risk. No automatic install-time attack behavior was found. The package ships a first-party Claude Code permission configuration that can allow Git mutations when the package workspace is opened in that agent.
Package source references a known benign dynamic code generation pattern.
procs/testaro.jsView on unpkg · L46Package ships high-entropy non-source blobs.
validation/tests/targets/nonTable/gong.m4aView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
validation/tests/targets/nonTable/gong.m4aView on unpkgPackage source references a known benign dynamic code generation pattern.
procs/testaro.jsView on unpkg · L46Package ships high-entropy non-source blobs.
validation/tests/targets/nonTable/gong.m4aView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
validation/tests/targets/nonTable/gong.m4aView on unpkg