AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was established. The package has first-party lifecycle setup and runtime plugin/adapter loading under ~/.webcmd, which is package-aligned but security-sensitive.
Decision evidence
public snapshot- package.json runs postinstall and preuninstall lifecycle scripts.
- scripts/postinstall.js writes shell completion files and ~/.webcmd/spotify.env on global install.
- scripts/fetch-adapters.js can delete package-owned ~/.webcmd/clis overrides and legacy ~/.webcmd shim files on global/explicit/first-run sync.
- dist/src/discovery.js imports user/plugin JS from ~/.webcmd/clis and ~/.webcmd/plugins at runtime.
- dist/src/skills.js can symlink bundled skills into .agents/.codex/.claude skills folders, but only via explicit webcmd skills install/update commands.
- No install-time mutation of foreign/broad AI-agent control files was found.
- postinstall is gated to global installs for completions and adapter sync; it does not fetch remote code.
- dist/src/update-check.js has update checks disabled and points to invalid.example placeholders.
- dist/src/external.js uses execFileSync/spawnSync for user-invoked external CLI passthrough and rejects shell operators in install commands.
- Network access and browser automation are core package functionality and mostly user-invoked adapters.
- No credential harvesting, exfiltration endpoint, destructive broad filesystem action, or stealth persistence found.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.test.jsView on unpkg · L9Package source references a known benign dynamic code generation pattern.
dist/src/browser.test.jsView on unpkg · L294Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L257Package source references weak cryptographic algorithms.
clis/grok/image.jsView on unpkg · L6Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/src/cli.jsView on unpkg · L62This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/release-notes.jsView on unpkgHardcoded password in dist/src/observation/redaction.test.js
dist/src/observation/redaction.test.jsView on unpkg · L28