AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack surface was confirmed. An explicit user command can register this package's MCP server in AI-client configuration, causing that server to run when the configured client starts.
Decision evidence
public snapshot- `unspa init` merges an `unspaghettit` MCP entry into selected AI-client configs.
- The generated MCP entry launches `mcp-server/bin.cjs` via Node on future client starts.
- The runtime performs a public update check against npm and caches its result.
- Bundled skill/context installation can modify the current project when `init` is invoked.
- `package.json` has only `prepublishOnly`; no preinstall/install/postinstall hook exists.
- AI-client config mutation is confined to the explicit `unspa init` command and supports detected/selected clients.
- No source-side `eval`, `vm`, native binary loading, credential harvesting, or arbitrary shell execution was found.
- The flagged bundle contains one U+200B character; source files contain no bidi controls and no hidden execution chain was established.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
mcp-server/bin.cjsView on unpkg · L6Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
build/client/_app/immutable/chunks/DNzq6p3w2.jsView on unpkg · L46Package ships compressed or archive-like blobs.
build/client/lyriks_logo.svg.gzView on unpkgPackage ships high-entropy non-source blobs.
build/client/_app/immutable/nodes/4.ClVWSTyD.js.brView on unpkg