AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established by source inspection. The package is an AI/P2P agent with user-invoked shell, update, network, and harness features, plus a broken postinstall declaration.
Decision evidence
public snapshot- package.json declares postinstall: node scripts/postinstall.js, but scripts/ is absent in packed files.
- dist/index.js appends to cwd AGENTS.md on explicit harness-init and CLAUDE.md on explicit harness-classify.
- dist/agents/shell-tool.js exposes shell execution for the agent runtime, guarded by dist/agents/shell-guard.js allow/deny lists.
- dist/utils/auto-update.js can run npm install -g, but only with update flags or BOLLOON_AUTO_UPDATE=1.
- No bundled install-time code target exists for the declared postinstall hook.
- bin/bolloon-cli.cjs and dist/cli-entry.js only spawn packaged runtime/electron after user invokes bolloon.
- No credential harvesting or secret exfiltration found; API keys are read for configured LLM use.
- Network endpoints found are product-aligned/local: IPFS localhost, npm registry, OpenAI/minimax, Google connectivity check.
- AGENTS.md/CLAUDE.md writes are tied to explicit harness commands, not lifecycle/import-time mutation.
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/bolloon.cjsView on unpkg · L1Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/heartbeat/StartupVerifier.jsView on unpkg · L89Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/security/input-scanner.jsView on unpkg · L56Package ships non-JavaScript build or shell helper files.
bin/bolloon.cmdView on unpkgPackage ships high-entropy non-source blobs.
dist/web/icons/favicon.icnsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
bin/bolloon-cli.cjsView on unpkg