AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface. The package is a macOS iMessage adapter with an install-time native rebuild workaround and user-invoked runtime capture/reply behavior.
Decision evidence
public snapshot
- package.json postinstall runs install-time shell to rm better-sqlite3 build dirs and npm rebuild better-sqlite3
- dist/index.js spawns imsg watch and sends replies with imsg send at runtime
- dist/setup.js can install imsg via brew and validates Anthropic key during interactive setup
- README.md and dist/index.js describe an iMessage adapter; imsg child_process use is package-aligned
- dist/index.js only starts watcher when run as entrypoint, not on import
- dist/index.js gates capture/replies to configured allowlisted chats
- dist/config.js stores config via usrcp-adapter-kit with anthropic_api_key marked secret
- dist/reader.js sends ledger context to the configured LLM only for triggered allowlisted incoming messages
- No credential harvesting, hidden exfiltration endpoint, persistence, destructive payload, or AI-agent control-surface writes found
Source & flagged code
3 flagged
- package.json: Install-time lifecycle script matches a deterministic static-gate block pattern.
- package.json: Package defines install-time lifecycle scripts.
- dist/setup.js (L197): Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.