AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a Claude team-harness installer that writes .claude skills, agents, hooks, settings, knowledge files, and examples only when the CLI is run; postinstall only displays guidance.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/install.js --post-install
- scripts/install.js user-invoked CLI can merge .claude/settings.json hooks and permissions
- scripts/install.js can clone/pull https://github.com/agilantsolutions/claude and query npm view toga-ai version
- scripts/install.js --post-install prints setup instructions and exits before project .claude writes
- Project writes are tied to explicit toga-ai/npx invocation and match package description as a Claude harness installer
- No credential harvesting or exfiltration found; env refs are config inputs for team tools
- Network endpoints are package-aligned update/docs/tool integrations, not covert destinations
- No eval/vm/native payload or import-time execution beyond CLI dispatch found
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L1Hardcoded password in rules/common/security.md
rules/common/security.mdView on unpkg · L62