AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a high-capability Claude gateway, and inspected command execution, network calls, env loading, workspace writes, and package updates are aligned with documented runtime/admin features.
Decision evidence
public snapshot- package.json has postinstall running `bun install --cwd mcp`.
- dist/api/router.js spawns `claude --print --dangerously-skip-permissions` in admin-authenticated wizard generation.
- dist/api/packages.js admin route can run `npm install -g` for fixed package names.
- dist/index.js writes generated CLAUDE.md into configured agent workspaces at CLI runtime.
- README.md documents a Claude multi-agent gateway with Telegram/Discord/API, MCP tools, self-update, and app install features.
- Network calls are package-aligned: Telegram, Discord, npm registry, GitHub app/skill registries, local gateway callbacks.
- Dangerous command paths are runtime/admin/user-configured, not hidden import-time or install-time exfiltration.
- No credential harvesting or covert exfiltration found; env/bot tokens are loaded for configured channel operation.
Source & flagged code
7 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
dist/discord/receiver.jsView on unpkg · L36Source executes local commands and sends command output to an external endpoint.
dist/api/router.jsView on unpkg · L42A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/api/router.jsView on unpkg · L42A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/api/router.jsView on unpkg · L81Package source invokes a package manager install command at runtime.
dist/api/packages.jsView on unpkg · L192