AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious install-time or import-time attack surface was established. The package is a P2P/LLM document agent with explicit CLI/web runtime behavior, local state writes, provider API calls, and user-invoked harness commands that can append AGENTS.md/CLAUDE.md.
Decision evidence
public snapshot- package.json declares postinstall, but scripts/postinstall.js is absent from shipped files; install would fail rather than run hidden code.
- dist/index.js starts network/bootstrap logic only when CLI entry executes; no import-time payload beyond main entry use.
- User-invoked harness commands append AGENTS.md/CLAUDE.md in cwd, creating an AI-agent control-surface write capability.
- bin/ipfs is a large native binary shipped for local IPFS/P2P functionality.
- bin/bolloon-cli.cjs and dist/cli-entry.js only spawn packaged dist/electron.js or dist/index.js on explicit bolloon CLI use.
- dist/utils/auto-update.js disables update checks by default and requires --update-check/--update-now/--allow-update or BOLLOON_AUTO_UPDATE=1.
- dist/llm/pi-ai.js sends configured API keys only to selected LLM provider endpoints or env-overridden base URLs.
- dist/security/input-scanner.js unicode/control-character logic is a scanner for user input, not a Trojan Source payload.
- dist/web/server.js binds to 127.0.0.1 by default unless BOLLOON_HOST is set.
- No credential harvesting, destructive filesystem action, persistence install, or covert exfiltration found in inspected entrypoints.
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/bolloon.cjsView on unpkg · L1Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/heartbeat/StartupVerifier.jsView on unpkg · L89Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/security/input-scanner.jsView on unpkg · L56Package ships non-JavaScript build or shell helper files.
bin/bolloon.cmdView on unpkgPackage ships high-entropy non-source blobs.
dist/web/icons/favicon.icnsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/cli-entry.jsView on unpkg