AI Security Review
scanned 11d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Global install silently modifies Claude Code control surfaces if ~/.claude exists. It installs package-supplied agent instructions and changes Claude settings during npm postinstall.
Decision evidence
public snapshot- package.json runs postinstall: node scripts/postinstall.js
- scripts/postinstall.js writes bundled skill/SKILL.md to ~/.claude/skills/tmux-ide/SKILL.md on global install
- scripts/postinstall.js rewrites ~/.claude/settings.json env to set CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1
- packages/daemon/src/tui/integrations/claude.ts can install Claude hooks into ~/.claude/settings.json and ~/.tmux-ide/hooks/claude-state.sh
- skill/SKILL.md instructs agents to use tmux-ide commands and coordinate agent state
- Postinstall only mutates Claude files when npm_config_global is true and ~/.claude exists
- No credential harvesting or external exfiltration found in inspected install script
- Network findings are package-aligned local daemon/update-check behavior, not install-time exfiltration
- Child process use is mostly tmux/git/bun/node for declared tmux IDE functionality
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/cli.jsView on unpkg · L5685Source writes installer persistence such as shell profile or service configuration.
bin/cli.jsView on unpkg · L113Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
scripts/pack-check-run.mjsView on unpkg · L54Package ships non-JavaScript build or shell helper files.
scripts/check-src-additions.shView on unpkg