AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit local transition-refinement tool that injects a localhost panel, installs first-party agent skills into the project, and may spawn a configured coding-agent CLI per job. This is a real agent-extension lifecycle risk, but source inspection did not show unconsented install-time mutation or malicious exfiltration.
Decision evidence
public snapshot- bin/cli.mjs live command writes an injected localhost script tag into a discovered or --page HTML file.
- bin/cli.mjs drops package-owned .agents/skills/refine-live and .agents/skills/transitions-dev into the current project.
- bin/cli.mjs --llm can run curl|bash or PowerShell irm|iex installer from cursor.com.
- server/relay.mjs spawns REFINE_AGENT_CMD via sh -c for LLM jobs, and agent-resolve.mjs adds permissive flags for Cursor/Claude/Codex CLIs.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Risky behavior is behind explicit CLI commands such as live, stop, --llm, or user-configured REFINE_AGENT_CMD, not install-time import execution.
- Network use is local relay/panel plumbing plus documented package-aligned CDNs/installer URLs.
- No credential harvesting, broad file enumeration, persistence outside project .refine files, or remote payload execution beyond explicit Cursor CLI install was found.
Source & flagged code
6 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
bin/cli.mjsView on unpkg · L20Source downloads or fetches remote code and executes it.
bin/cli.mjsView on unpkg · L20A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
bin/cli.mjsView on unpkg · L20Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/cli.mjsView on unpkg · L20