AI Security Review
scanned 9h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package has explicit setup commands that install a first-party MCP plugin and mutate AI-agent config/instruction files, which is a guarded agent extension lifecycle risk rather than install-time hijacking.
Decision evidence
public snapshot- cli.ts setup writes agent MCP configs for Cursor/Codex/Copilot/Antigravity and appends instructions to agent files.
- cli.ts setup copies plugin files into plugins/typegraph-mcp and runs npm install --include=optional in that directory.
- hooks/hooks.json defines a Claude SessionStart command invoking scripts/ensure-deps.sh, which can run npm install in the plugin dir.
- cli.ts remove can delete package-owned plugin dirs and selected typegraph skill dirs, plus guarded stale Codex config cleanup.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Agent config mutation is behind explicit typegraph-mcp setup/remove commands, not npm install/import time.
- MCP server behavior in server.ts is local TypeScript navigation over stdio; no fetch/http exfiltration code found.
- Child process use is package-aligned: tsserver spawning and setup dependency install.
- Network endpoints are limited to repository/docs URLs and npm install behavior, not hardcoded exfiltration endpoints.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
tsserver-client.tsView on unpkg · L10Package source references dynamic require/import behavior.
dist/check.jsView on unpkg · L123This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli.tsView on unpkgPackage source invokes a package manager install command at runtime.
cli.tsView on unpkg · L1067Package ships non-JavaScript build or shell helper files.
scripts/ensure-deps.shView on unpkg