AI Security Review
scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a macOS iMessage adapter that, when run by the user, reads allowlisted iMessage chats via imsg, stores events in a USRCP ledger/stream, and calls Anthropic for summaries and replies.
Decision evidence
public snapshot
- package.json postinstall deletes better-sqlite3 build dirs and runs npm rebuild at install time
- dist/index.js spawns imsg watch and can send replies via imsg send at runtime
- dist/setup.js validates Anthropic API keys and runtime dist/llm.js sends message content to Anthropic API
- postinstall is limited to better-sqlite3 native rebuild paths under node_modules; no foreign AI-agent or persistence surface writes found
- dist/index.js only starts watcher when run as CLI entrypoint, not on import
- iMessage capture/reply is gated by local config allowlisted_chats and user setup
- Config writes are package-aligned via usrcp-adapter-kit imessage-config.json; no credential harvesting beyond prompted Anthropic key
- No suspicious remote payload loading, eval/vm, broad filesystem harvesting, or hardcoded exfiltration endpoints found
Source & flagged code
3 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package metadata claims a different repository identity while copied source loads a runtime dependency bridge. (dist/setup.js, line 197)