AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established by source inspection. The package has broad AI-agent, local web, P2P, shell-tool, and update capabilities, but the reviewed paths are user-invoked or guarded and aligned with the package purpose.
Decision evidence
public snapshot- package.json declares postinstall node scripts/postinstall.js but scripts/postinstall.js is absent, so install hook is broken rather than observed malicious code
- package.json depends on @bolloon/bolloon-agent ^0.1.36 despite being the same package, an unusual self-dependency
- bin/ipfs is a bundled Mach-O executable, but no package source path was found executing bin/ipfs
- bin/bolloon-cli.cjs and dist/cli-entry.js only spawn node/electron entrypoints from this package on user CLI invocation
- dist/security/input-scanner.js implements prompt/PII scanning; Unicode/control regexes are scanner logic, not Trojan Source behavior
- dist/web/server.js writes app state under ~/.bolloon and exposes local product APIs; no credential harvesting or external exfiltration path found
- dist/utils/auto-update.js is opt-in via flags or BOLLOON_AUTO_UPDATE=1 and targets the same @bolloon packages
- dist/agents/shell-tool.js routes shell execution through dist/agents/shell-guard.js allow/deny checks
- network use is product-aligned P2P/IPFS/LLM/local web functionality
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/bolloon.cjsView on unpkg · L1Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/heartbeat/StartupVerifier.jsView on unpkg · L89Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/security/input-scanner.jsView on unpkg · L56Package ships non-JavaScript build or shell helper files.
bin/bolloon.cmdView on unpkgPackage ships high-entropy non-source blobs.
dist/web/icons/favicon.icnsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/web/server.jsView on unpkg