AI Security Review
scanned 3d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The main risk is explicit user-command setup of first-party AI-agent hooks, skills, scheduler jobs, and optional Google integrations.
Decision evidence
public snapshot- User-invoked sync/init writes Claude/Codex managed blocks, hooks, and skill links in src/cli/sync.js and src/adapters/*.js.
- src/adapters/codex.js registers SessionStart/Stop command hooks in ~/.codex/hooks.json, requiring Codex trust via /hooks.
- src/cli/schedule.js and src/scheduler/generators.js create launchd/systemd scheduler entries for user-added jobs.
- src/core/update-check.js performs bounded opt-out npm registry update check.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- AI-agent config mutation is via explicit CLI commands, package-namespaced skills/hooks, and manifest tracking, not install-time stealth.
- Hook scripts are copied from templates/hooks and used for local session digest behavior; no remote payload loading found.
- Google Workspace access is explicit OAuth/user command with stored local tokens and Google API scopes, not credential harvesting.
- Child process use is package-aligned: git vault setup, scheduler registration, claude/codex job execution with bounded env/watchdogs.
Source & flagged code
4 flagged · loading sourcePackage source references weak cryptographic algorithms.
src/core/vault.jsView on unpkg · L6Source writes installer persistence such as shell profile or service configuration.
src/scheduler/generators.jsView on unpkg · L4Package ships non-JavaScript build or shell helper files.
templates/hooks/codex-session-end.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/cli/run-job.jsView on unpkg