AI Security Review
scanned 6d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package does expose first-party AI-agent hook/plugin setup that can modify Claude/Codex hook configs when explicitly invoked.
Decision evidence
public snapshot- .claude-plugin/plugin.json registers first-party Claude hooks that run package scripts from hooks/*.sh
- dist/cli.js wireCodexHooks writes .codex/config.toml with npx vigiles hook-runtime commands during explicit plugin init
- dist/cli.js installHookFile can merge compiled user-authored hooks into .claude/settings.json or .codex/config.toml
- dist/eval.js and harness code spawn local claude/codex processes for explicit eval/test features
- package.json has no preinstall/install/postinstall lifecycle scripts
- package main dist/core/spec.js is builder/helper exports, not import-time attack code
- Hook and config mutation paths are CLI/user-invoked, not automatic npm install behavior
- Network references are package-aligned testing/sandbox/model endpoints; no credential exfiltration endpoint found
- Shell hooks run local npx vigiles lint/compile/generate tasks and do not harvest secrets
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
dist/dialect-drift.jsView on unpkg · L47Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L121Package source references a known benign dynamic code generation pattern.
dist/cli.jsView on unpkg · L3598Package source references dynamic require/import behavior.
dist/eval-baseline.jsView on unpkg · L26Package ships non-JavaScript build or shell helper files.
hooks/post-edit.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/eval.jsView on unpkg