AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious install-time or import-time attack surface. The preinstall hook is a swallowed require of a file absent from the package, so it is a no-op.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Package installation invokes the no-op preinstall; CLI publishing and server networking require explicit user/runtime actions.
Impact
No unconsented persistence, credential exfiltration, destructive action, or remote payload execution established.
Mechanism
Explicit SDK CLI deployment/publishing and user-configured server request handling.
Rationale
The static block signal is a false positive: the only lifecycle hook catches an attempted require of a nonexistent package file. Sensitive primitives are confined to explicit SDK CLI/server operations, with no concrete malicious chain.
Evidence
package.jsonsrc/cli/publish.tssrc/cli/dotenv.tssrc/server/start.tssrc/server/worker-entry.tssrc/deploy/check.tssrc/cli/run.tssrc/server/create.ts
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` preinstall only attempts to require absent `.check-workspace.cjs` and suppresses failure.
- No `install`, `postinstall`, or `prepare` hook is declared.
- `src/cli/publish.ts` subprocess and npm actions occur only through explicit CLI publish commands.
- `src/cli/dotenv.ts` reads only adapter-declared secret files; no exfiltration call is present.
- `src/server/start.ts` dynamically imports the optional Node server only when its runtime function is called.
- No eval, Function constructor, shell execution, AI-agent config access, or hard-coded exfiltration endpoint found.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
WildcardDependency
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.preinstall = node -e "try{require('./.check-workspace.cjs')}catch{}"
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.preinstall = node -e "try{require('./.check-workspace.cjs')}catch{}"
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgdist/server/start.jsView file
10// bundles (wrangler/esbuild) traverse it even though they never call it. A
L11: // literal import() would make them resolve the optional peer and fail.
L12: const nodeServerModule = '@hono/node-server';
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/server/start.jsView on unpkg · L10Findings
1 Critical1 High5 Medium4 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requiredist/server/start.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings