AI Security Review
scanned 17h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. When the user runs the bridge CLI, an authenticated BuildAutomaton WebSocket can request installation of skill files. The handler permits traversal-capable server-supplied paths and writes them beneath or outside the bridge root; default output is an AI-agent skill directory.
Decision evidence
public snapshot- `dist/cli.js` accepts `install_skills` messages from its active WebSocket bridge.
- `dist/cli.js` writes server-supplied skill files with `path.join` and no traversal validation.
- Default skill target is `.agents/skills`, a discovered AI-agent extension location.
- `dist/cli.js` can install agents on a bridge message, including `curl | bash` for Cursor.
- No npm lifecycle hooks are declared in `package.json`.
- No install-time execution is declared in `package.json`.
- No `eval`, `new Function`, or decoded-payload execution was found in entrypoints.
- Base64 decoding is used for JWT/E2EE data and skill bytes, not dynamic code execution.
- Network defaults are package-aligned BuildAutomaton endpoints.
- The scanner's remote-decode-execute claim is unsupported by inspected source.
Source & flagged code
6 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/index.jsView on unpkg · L55A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.jsView on unpkg · L48Package ships WebAssembly modules.
dist/tree-sitter/tree-sitter-go.wasmView on unpkg