AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an AI coding harness installer with user-invoked .claude integration and helper scripts for team workflows.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/install.js --post-install
- scripts/install.js user-invoked path writes project .claude skills/agents/hooks/settings/knowledge
- scripts/install.js can run npm view and git ls-remote/clone/pull against declared repo
- skills/plan-ticket/scripts/talos.js stores user-provided tokens in ~/.talos/credentials.json
- postinstall branch only prints first-time setup and exits before .claude writes
- AI-agent hook/settings mutation happens on explicit toga-ai/npx invocation, matching package description
- No install-time credential harvesting, filesystem scanning, exfiltration, persistence, or destructive behavior found
- Network endpoints are package-aligned: npm registry, declared GitHub repo, ClickUp/Talos helper APIs
- mcp-configs/mcp-servers.json is an example template, not automatically merged into .mcp.json
- Hook scripts are guard/reminder/validation logic and do not exfiltrate secrets
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L1Hardcoded password in rules/common/security.md
rules/common/security.mdView on unpkg · L62