AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Suspicious primitives are user-invoked ML container, AWS provisioning, MCP setup, and template-generation behavior aligned with the package purpose.
Decision evidence
public snapshot- package.json declares self-dependency "@aws/ml-container-creator": "^1.0.2", an unusual packaging issue.
- package.json main points to missing src/index.js, but CLI bin uses bin/cli.js.
- src/lib/mcp-command-handler.js can run npm install --production for bundled MCP servers, only after user invokes mcp add/init.
- package.json has no preinstall/install/postinstall hook; prepare is only "husky || true".
- bin/cli.js only dispatches user-invoked commands and runs python3 for the explicit hey advisor command.
- src/app.js writes generated ML project templates to user-selected destination, with guard against overwriting the generator package.
- src/lib/bootstrap-command-handler.js AWS/npx/ npm commands are tied to explicit bootstrap/CI provisioning actions.
- templates/test/test_local_image.sh is a Docker/curl local test template, not install/import executed.
- No credential harvesting or exfiltration logic found in inspected entrypoints.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/cli.jsView on unpkgPackage source references shell execution.
src/lib/bootstrap-command-handler.jsView on unpkg · L244Package source invokes a package manager install command at runtime.
src/lib/bootstrap-command-handler.jsView on unpkg · L416Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
templates/test/test_local_image.shView on unpkgPackage ships non-JavaScript build or shell helper files.
templates/test/test_local_image.shView on unpkg