AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a remote AI-agent daemon with explicit pairing, authenticated local control, optional autostart, and server-directed session management that match the package purpose.
Decision evidence
public snapshot- dist/autostart.js can create LaunchAgent/systemd/Run-key persistence after CLI start/restart when credentials exist.
- dist/daemonRpcHandler.js exposes authenticated server RPCs to spawn/stop agent sessions and trigger upgrades.
- dist/spawnConsole.js can run server-provided startupScripts before launching a session.
- package.json has no install/preinstall/postinstall lifecycle hooks.
- dist/ensureDaemon.js only spawns local dist/daemonEntry.js on user CLI use, not import/install time.
- dist/rpc/controlServer.js binds local HTTP control to 127.0.0.1 and requires a random bearer token from daemon state.
- dist/brand.js endpoints are package-aligned AgentDock/YarkAI/CCPark APIs, not hidden exfiltration hosts.
- dist/pairing/credentials.js stores pairing credentials locally with mode 0600; no broad credential harvesting found.
- History/activity uploads in dist/historySyncService.js and dist/activityUploader.js are tied to paired server features/settings.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/processTree.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/subagentIds.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
dist/autostart.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/ensureDaemon.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/ensureDaemon.jsView on unpkg · L1