AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found, but the package intentionally installs first-party AI-agent hooks/skills and scheduler entries after explicit commands. This is package-aligned agent extension behavior, not install-time hijacking.
Decision evidence
public snapshot- src/adapters/codex.js writes AGENTS.md, hooks.json, hook scripts, and ~/.agents/skills on init/sync
- src/adapters/claude.js writes CLAUDE.md, settings.json hooks, and Claude skills on init/sync
- src/cli/schedule.js creates launchd/systemd scheduled job entries for user-requested routines
- src/core/tarball.js implements self-update download/unpack from registry.npmjs.org
- package.json has no preinstall/install/postinstall lifecycle scripts
- bin/wienerdog.js only dispatches user-invoked commands
- templates/hooks/*.sh only read digest or append local queue hints; no exfiltration
- Google Workspace access is interactive OAuth with explicit scopes and local 0600 token storage
- No hardcoded suspicious external C2 endpoint found; registry and Google APIs are package-aligned
Source & flagged code
4 flagged · loading sourcePackage source references weak cryptographic algorithms.
src/core/vault.jsView on unpkg · L6Source writes installer persistence such as shell profile or service configuration.
src/scheduler/generators.jsView on unpkg · L4Package ships non-JavaScript build or shell helper files.
templates/hooks/codex-session-end.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/core/tarball.jsView on unpkg