AI Security Review
scanned 6h ago · by lpm-firewall-ai
No confirmed malicious attack surface. Network, keyring, MCP, and child_process behavior are aligned with an E2EE secret-manager CLI and require explicit user commands or opt-in flags.
Decision evidence
public snapshot
- package.json has no install/preinstall/postinstall lifecycle hooks
- src/index.ts only dispatches explicit athsra CLI commands
- src/lib/oidc-flow.ts child_process use only opens browser/WSL URL during login
- src/commands/run.ts executes a user-supplied command only via explicit athsra run
- src/commands/mcp.ts install is dry-run by default and writes MCP config only with --apply
- MCP write/value/admin tools are gated by ATHSRA_MCP_* env opt-ins and confirmations
Source & flagged code
5 flagged
Source matches reverse-shell style process and socket wiring.
src/lib/oidc-flow.ts · L5
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
src/lib/oidc-flow.ts · L5
Package source references child process execution.
src/lib/oidc-flow.ts · L10
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/commands/login.ts · L82