AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a Claude Code team harness that writes .claude workflow files only during explicit CLI use; postinstall only displays instructions.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/install.js --post-install.
- scripts/install.js user-invoked bin copies skills/agents/hooks/rules/knowledge into project .claude/ and merges .claude/settings.json.
- .claude/settings.json template wires Claude Code hooks and broad Bash permissions for project workflow.
- scripts/install.js can run npm view and git ls-remote/clone/pull against the declared team repo when not postinstall.
- scripts/install.js --post-install prints setup instructions and exits before mutating project files.
- Install-time code does not harvest credentials, read arbitrary user files, persist globally, or exfiltrate data.
- Network use is package-aligned update/version logic for npm and https://github.com/agilantsolutions/claude.
- AI-agent control files are the advertised purpose: a Claude harness installer invoked by toga-ai/npx toga-ai.
- Hook scripts inspected are local workflow gates/validators and do not contain hidden payload download or exfiltration.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L1Hardcoded password in rules/common/security.md
rules/common/security.mdView on unpkg · L62