AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a Claude/team knowledge harness that installs local .claude assets only when the user runs the CLI; postinstall does not modify agent control files.
Decision evidence
public snapshot- package.json defines postinstall and bin scripts/install.js.
- scripts/install.js user-invoked install writes project .claude skills/agents/hooks/settings/knowledge and CLAUDE.md.
- scripts/install.js can run npm view and git ls-remote/clone/pull against github.com/agilantsolutions/claude outside postinstall.
- skills/plan-ticket scripts call ClickUp/Talos APIs with user-provided env/local credentials when explicitly run.
- scripts/install.js --post-install prints setup instructions and exits before project .claude writes.
- No install-time credential harvesting or exfiltration found; token/API helpers are skill-invoked tooling.
- Network endpoints are documented/package-aligned: npm registry, GitHub repo, ClickUp, Talos/TOGA APIs.
- Hook scripts are local Claude workflow guards/reminders; no hidden persistence beyond user-invoked harness install.
- knowledge.js child_process/git operations are publish/session commands, not import-time behavior.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L1Hardcoded password in rules/common/security.md
rules/common/security.mdView on unpkg · L62