AI Security Review
scanned 3h ago · by lpm-firewall-ai

Package provides a user-invoked Aiden runtime daemon that can receive remote tasks and launch local AI agent CLIs. This is a dangerous agent-control capability, but source inspection did not find unconsented install-time hijacking or credential exfiltration.
Decision evidence
public snapshot
- dist/index.cjs exposes setup/login/daemon commands for a durable Aiden runtime.
- dist/index.cjs daemon connects to configured WS and accepts remote agent.execute payloads.
- dist/index.cjs launches local AI CLIs including claude/codex/cursor/opencode/gemini from remote run payloads.
- dist/index.cjs can pass --dangerously-skip-permissions to supported backends when not read-only.
- dist/updater.js can run npm install -g @aiden-ade/sandbox-agent@<version> and respawn aiden-agent.
- package.json has no npm lifecycle hooks; bin is user-invoked ./dist/index.cjs.
- setup/login require explicit command plus setup token, PAT, or browser device approval before durable daemon config is written.
- Config writes are scoped to ~/.aiden/agent/config.json unless overridden by AIDEN_AGENT_CONFIG_PATH.
- No evidence of install-time writes to foreign AI control surfaces such as .mcp.json, CLAUDE.md, or Claude/Codex settings.
- The scanner's remote decode/execute hit is the bundled xmlhttprequest-ssl synchronous request code, not package-specific payload loading.
Source & flagged code
5 flagged
- Package source invokes a package manager install command at runtime. (dist/updater.js, L18)
- Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload. (dist/index.cjs, L32)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/index.cjs)
- Package source references weak cryptographic algorithms. (dist/index.cjs, L32)