AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package has a package-aligned, explicit CLI setup flow that can install first-party MCP entries, context blocks, and skills for AI clients, which is an agent-extension lifecycle risk but not install-time hijacking.
Decision evidence
public snapshot- cli/commands/init.ts registers an MCP server into selected AI client configs, global by default.
- cli/clients/* write package-owned MCP entries for Claude, Cursor, Gemini, Kiro, Windsurf, and Codex configs.
- cli/util/context-files.ts can add managed Unspaghettit blocks to CLAUDE.md and AGENTS.md.
- cli/util/skills.ts copies bundled package skills into .claude/skills/ when a Claude client is selected.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly for publisher checks.
- Agent/client config mutation is behind explicit user command `unspa init`, not npm install/import time.
- MCP entry points run local package server code via stdio; no remote payload download found.
- Network use is local dashboard/sync oriented; no credential harvesting or exfiltration endpoints found.
- Uninstall removes only package-owned MCP entries, managed blocks, skills, and optional user-confirmed local data.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
mcp-server/bin.cjsView on unpkg · L6Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
build/client/_app/immutable/chunks/DNzq6p3w2.jsView on unpkg · L46Package ships compressed or archive-like blobs.
build/client/lyriks_logo.svg.gzView on unpkgPackage ships high-entropy non-source blobs.
build/client/_app/immutable/nodes/0.qoKQn--w.js.gzView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/commands/dashboard.tsView on unpkg