AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a local Alfe gateway daemon with high-privilege, user-invoked control-plane features that match its README and CLI purpose.
Decision evidence
public snapshot- dist/health.js accepts authenticated cloud COMMAND messages for daemon.update/runtime.update/restart and registered integration commands.
- dist/health.js can write launchd/systemd units only via CLI install command.
- dist/health.js exposes local IPC methods to add/remove MCP servers and call MCP tools.
- dist/health.js can spawn openclaw/hermes runtimes and run npm install during explicit update commands.
- package.json has no install/preinstall/postinstall lifecycle hooks.
- dist/bin/gateway.js only dispatches user CLI commands; no import-time daemon start.
- dist/health.js network use is aligned with documented Alfe API/WebSocket gateway behavior.
- Scanner eval hits are vendored dependency code such as zod/es-errors, not remote decode/execute logic.
- Persistence writes are explicit alfe-gateway install/start behavior documented in README.md.
- No credential harvesting beyond reading configured Alfe API key for authenticated service operation.
Source & flagged code
6 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/health.jsView on unpkg · L3A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/health.jsView on unpkgPackage source references dynamic require/import behavior.
dist/health.jsView on unpkg · L58Source writes installer persistence such as shell profile or service configuration.
dist/health.jsView on unpkg · L3