AI Security Review
scanned 11d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This package installs a first-party AI-agent memory extension when the user runs `window-memory init`. It mutates Claude/Cursor/Codex/Windsurf control surfaces and adds daemon autostart, but this is explicit setup and package-aligned rather than install-time hijack.
Decision evidence
public snapshot- dist/init-tools.js explicitly writes MCP entries, global rules, and hooks for Claude Code, Cursor, Codex, and Windsurf on `window-memory init`.
- dist/index.js `init` calls `registerAllInstalledTools` and `enableAutostart`, then starts the daemon.
- dist/autostart.js creates login persistence via Windows Startup VBS, macOS LaunchAgent, or systemd user service.
- dist/watcher.js watches Claude/Cursor/Codex session stores under the user's home directory.
- dist/analyzer.js can send redacted session text to managed Supabase function or OpenAI/Google/Anthropic APIs.
- package.json has no preinstall/install/postinstall hook; only `prepublishOnly`, so setup is not install-time.
- Agent config mutation is activated by explicit `init` or `doctor --repair`, not package import.
- README.md describes this as an AI memory/MCP integration, aligning the hooks, watcher, local API, and cloud sync behavior with package purpose.
- dist/security.js masks common secret patterns before analysis and logs.
- Cloud sync uses saved Supabase session/billing state and package-owned Supabase URL, not arbitrary exfiltration endpoints.
- No remote payload download/eval or destructive project mutation found in inspected entrypoints.
Source & flagged code
7 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/cloud-config.jsView on unpkg · L5Supabase service role key (JWT) in dist/cloud-config.js
dist/cloud-config.jsView on unpkg · L5Package source references child process execution.
dist/node-runtime.jsView on unpkg · L19Package source references dynamic require/import behavior.
dist/security.jsView on unpkg · L9Source writes installer persistence such as shell profile or service configuration.
dist/autostart.jsView on unpkg · L40Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cursor-hook-bridge.mjsView on unpkg · L8This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/identity.jsView on unpkg