AI Security Review
scanned 2h ago · by lpm-firewall-aiThe only install-adjacent behavior is `prepare: husky || true`, which may attempt first-party VCS hook initialization in source/git installs. Runtime shell and network behavior is tied to explicit CLI operations for AWS infrastructure, MCP setup, or local project scripts; no concrete malicious chain was found.
Decision evidence
public snapshot- `package.json` defines `prepare: husky || true`, a lifecycle-triggered VCS-hook setup attempt.
- `src/lib/bootstrap-command-handler.js` runs AWS/CDK commands only from the explicit `bootstrap` flow.
- `src/lib/mcp-command-handler.js` can run `npm install --production` only when the user explicitly adds/initializes an MCP server.
- No `preinstall`, `install`, or `postinstall` lifecycle hook is present in `package.json`.
- `bin/cli.js` invokes the Python advisor only through the explicit `hey` command.
- `src/agent/tools/execute_script.py` restricts execution to permitted project scripts, validates flags, uses direct execution without a shell, and prompts by default.
- `templates/test/test_local_image.sh` only builds and probes a local Docker container.
- No source evidence of credential harvesting, third-party exfiltration, remote payload loading, destructive behavior, or AI-agent control-surface writes.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/cli.jsView on unpkgPackage source references shell execution.
src/lib/bootstrap-command-handler.jsView on unpkg · L901Package source invokes a package manager install command at runtime.
src/lib/bootstrap-command-handler.jsView on unpkg · L457Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
templates/test/test_local_image.shView on unpkgPackage ships non-JavaScript build or shell helper files.
templates/test/test_local_image.shView on unpkg