AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious automatic attack surface was established. The sensitive capabilities are registered as explicit CLI features and require user invocation or user-provided configuration.
Decision evidence
public snapshot- `dist/chunk-RNOYLQCV.js` can spawn configured MCP servers and user-configured shell hooks.
- `dist/chunk-RNOYLQCV.js` supports explicit agent tools including shell and filesystem capabilities.
- `dist/chunk-RNOYLQCV.js` fetches registry content only through the user-invoked `add` command.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- `dist/bin.js` only constructs and parses the CLI; importing it does not run agent commands.
- Provider keys are selected from documented provider options/env vars for explicit chat/run actions.
- Registry authorization is limited to a configured matching registry base; no arbitrary environment harvesting was found.
- No automatic exfiltration, stealth persistence, destructive action, or foreign AI-agent configuration mutation was found.
Source & flagged code
5 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Package source references child process execution.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Source exposes local file and command tools to a remote model endpoint.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Package source references dynamic require/import behavior.
dist/chunk-RNOYLQCV.jsView on unpkg · L38A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.cjsView on unpkg · L17