AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an Aiden agent CLI/daemon that can run local AI provider CLIs and connect to Aiden WebSocket endpoints after user setup or AIDEN_* runtime launch.
Decision evidence
public snapshot- dist/index.cjs:13220 daemon accepts authenticated WS agent.execute payloads and runs CoreAgent on requested projectPath
- dist/core-agent.js:84 inherits process.env into provider CLI environment
- dist/index.cjs:5070 reads Claude credentials to query Anthropic usage; dist/index.cjs:4992 spawns codex read-only app-server for rate limits
- dist/updater.js has npm global self-update helpers, though no reachable caller found in entrypoint
- package.json has no install/preinstall/postinstall lifecycle hooks
- package.json bin points to dist/index.cjs; execution requires user CLI invocation or AIDEN_* session env
- dist/index.cjs setup/login writes Aiden runtime config only after explicit setup/login/device auth
- Network endpoints are Aiden/localhost/Anthropic usage APIs and align with agent runtime functions
- No eval/new Function or remote asset decode-and-execute found; scanner hit is bundled xmlhttprequest sync helper/base64 transport code
- dist/updater.js installUpdate/respawnAgent are not referenced from dist/index.cjs or JS entry files
Source & flagged code
5 flagged · loading sourcePackage source invokes a package manager install command at runtime.
dist/updater.jsView on unpkg · L18Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/index.cjsView on unpkg · L32A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.cjsView on unpkgPackage source references weak cryptographic algorithms.
dist/index.cjsView on unpkg · L32