AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky primitives are lifecycle symlinking, a shipped Windows mailto launcher, registry writes, child process use, and network/API access, but inspected call sites are package-aligned and user-invoked or runtime app behavior.
Decision evidence
public snapshot- package.json defines postinstall lifecycle script
- bin/mailx.js can copy bin/rmfmailto.exe to %LOCALAPPDATA% and write HKCU mailto registry keys when -register-mailto is invoked
- bin/mailx.js includes user-triggered global update path: npm install -g @bobfrankston/rmfmail
- packages/mailx-service/index.js can send user text to configured AI providers
- bin/postinstall.js only enforces Node version and symlinks package workspace dirs under package node_modules/@bobfrankston
- No install-time writes to AI-agent control surfaces, shell startup, VCS hooks, autostart, or foreign project files found
- Registry/mailto handler changes are gated by explicit CLI flags, not postinstall/import-time execution
- Native bin/rmfmailto.exe has matching Rust source that launches node mailx.js --mailto for OS mailto handling
- Network endpoints are package-aligned email/calendar/cloud/AI features and require runtime configuration or user action
- No credential harvesting or exfiltration beyond normal configured OAuth/API-key use for an email client found
Source & flagged code
15 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/mailx.jsView on unpkg · L53Package source invokes a package manager install command at runtime.
bin/mailx.jsView on unpkg · L2175Source writes installer persistence such as shell profile or service configuration.
bin/mailx.jsView on unpkg · L53Package source references a known benign dynamic code generation pattern.
client/lib/quill/quill.jsView on unpkg · L1Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
bin/lean-accounts.jsView on unpkg · L137Package source references dynamic require/import behavior.
bin/lean-accounts.jsView on unpkg · L136Package source references weak cryptographic algorithms.
bin/build-bundles.mjsView on unpkg · L5This package version adds a dangerous source file absent from the previous stored version.
packages/mailx-service/index.jsView on unpkg