AI Security Review
scanned 2h ago · by lpm-firewall-aiNo install-time or import-time attack behavior is established. The CLI intentionally gives user-invoked agent sessions optional shell, filesystem, web, plugin, and MCP capabilities.
Decision evidence
public snapshot- `dist/chunk-RNOYLQCV.js` exposes explicit `chat` and `run` commands with filesystem, shell, and web tools.
- `dist/chunk-RNOYLQCV.js` runs configured shell hooks with `sh -c` and starts configured MCP commands.
- `dist/chunk-RNOYLQCV.js` loads project/global TypeScript config modules and optional plugin modules at user command runtime.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- `dist/bin.js` only parses CLI arguments after the user invokes `agentskit`.
- Environment API keys are resolved for selected model/integration providers; no source sends arbitrary environment data to an unrelated endpoint.
- Registry downloads and project writes occur only through explicit `agentskit add`/`update` commands.
Source & flagged code
5 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Package source references child process execution.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Source exposes local file and command tools to a remote model endpoint.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Package source references dynamic require/import behavior.
dist/chunk-RNOYLQCV.jsView on unpkg · L38A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.cjsView on unpkg · L17