AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack chain was established. The package does perform first-party install/runtime setup under ~/.webcmd and shell completion directories, plus explicit plugin/browser capabilities aligned with its CLI purpose.
Decision evidence
public snapshot- package.json runs postinstall and preuninstall lifecycle scripts
- scripts/postinstall.js writes shell completions and ~/.webcmd/spotify.env on global install
- scripts/fetch-adapters.js can delete stale ~/.webcmd/clis site override directories and legacy shim files
- dist/src/discovery.js creates ~/.webcmd/node_modules/@agentrhq/webcmd symlink/runtime files at CLI startup
- dist/src/plugin.js supports explicit user plugin installs from git/local sources with dependency install
- scripts/postinstall.js is gated to global installs and only prints rc-file instructions instead of editing shell rc files
- scripts/fetch-adapters.js states no network calls and hashes packaged clis before sparse cleanup
- dist/src/update-check.js has UPDATE_CHECKS_ENABLED=false and uses invalid.example placeholders
- dist/src/external.js parses install commands and rejects shell operators before execFileSync
- plugin install, skill install, browser/daemon actions are explicit CLI commands, not import-time payloads
- No credential harvesting or external exfiltration found in inspected lifecycle/main paths
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.test.jsView on unpkg · L9Package source references a known benign dynamic code generation pattern.
dist/src/browser.test.jsView on unpkg · L294Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L257Package source references weak cryptographic algorithms.
clis/grok/image.jsView on unpkg · L6Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/cli.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/src/cli.jsView on unpkg · L62Hardcoded password in dist/src/observation/redaction.test.js
dist/src/observation/redaction.test.jsView on unpkg · L28