AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package exposes broad AI-agent capabilities at runtime, but inspected entrypoints show user-invoked launch paths and guarded tooling rather than install-time exfiltration or persistence.
Decision evidence
public snapshot- package.json declares postinstall `node scripts/postinstall.js`, but no packaged scripts/postinstall.js exists.
- Package includes AI-agent shell/file tools and self-improve features under dist/agents/pi-sdk.js.
- bin/ipfs is a shipped native binary artifact.
- bin/bolloon-cli.cjs and dist/cli-entry.js are CLI launchers that spawn package entrypoints only on explicit `bolloon` use.
- dist/security/input-scanner.js Trojan-source hint is a defensive scanner regex for hidden Unicode, not hidden control flow.
- dist/agents/pi-sdk.js write/shell tools are guarded by allowlists and path checks; self-improve is described as branch-based and user/developer-mode triggered.
- dist/web/server.js binds to 127.0.0.1 by default and skips self-improve hook unless enabled.
- Network calls are product-aligned local IPFS/P2P/LLM/provider endpoints, not credential exfiltration endpoints.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/bolloon.cjsView on unpkg · L1Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/heartbeat/StartupVerifier.jsView on unpkg · L89Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/security/input-scanner.jsView on unpkg · L56Package ships non-JavaScript build or shell helper files.
bin/bolloon.cmdView on unpkgPackage ships high-entropy non-source blobs.
dist/web/icons/favicon.icnsView on unpkg