AI Security Review
scanned 2h ago · by lpm-firewall-ai
No confirmed malicious attack surface. The package is an intended local MCP memory server with user-invoked registration into AI client configs and optional user-configured encrypted sync.
Decision evidence
public snapshot
- package.json has postinstall that removes better-sqlite3 build dirs and runs npm rebuild better-sqlite3
- dist/index.js user-invoked init writes MCP server entries into Claude/Cursor/Continue/Cline configs
- dist/adapters/terminal/index.js can add a tagged crontab entry for Aider context refresh after setup prompt
- dist/sync.js sends encrypted ledger events to user-configured cloud_endpoint
- No install-time AI-agent config mutation found; postinstall is limited to native dependency rebuild cleanup
- MCP/client config writes are under explicit commands: init, setup, or adapter add terminal
- HTTP server binds to 127.0.0.1 with bearer token and self-signed TLS
- Keychain access is for storing/reading this package's passphrase, with timeouts and explicit store path
- No hardcoded exfiltration endpoint; sync endpoint is user-set via config
- No remote code execution, obfuscated payload, destructive filesystem logic, or credential harvesting found
Source & flagged code
4 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references dynamic require/import behavior. (dist/server.js · L4)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (dist/index.js)