AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a large Builder.io AI/codegen CLI with expected user-invoked filesystem, shell, credentials, and network behavior.
Decision evidence
public snapshot- dist/cli.mjs registers user-invoked AI/codegen, launch, push/pull, update, mcp, and auth commands with shell/file/network capabilities.
- dist/credentials-Dud2G0b8.mjs can write credentials under ~/.builder or project .builder paths and add .gitignore entries after auth flows.
- dist/credentials-Dud2G0b8.mjs contains agent prompts and generated AGENTS.md writing for Builder org-tree sync, but not install-time execution.
- package.json has no lifecycle scripts; only bin builder -> dist/cli.mjs.
- dist/cli.mjs only calls program.parseAsync after command registration; dangerous paths are CLI subcommands, not import/install hooks.
- Clipboard/crypto-wallet hint is noisy: matches bundled prompt/example text such as wallet.dat and large wasm/base64, not clipboard replacement code.
- Child_process use is package-aligned: editor launch, git, tar/powershell self-update, VS Code tunnel, ffmpeg, tsserver, and user-command execution.
- Network hosts are Builder/Sentry/Amplitude/registry/Figma/VS Code endpoints aligned with CLI auth, telemetry, update, and Builder services.
Source & flagged code
11 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/pac-B6nOKGmK.mjsView on unpkg · L15229Package source references child process execution.
dist/vscode-tunnel-manager-DX6YWQ9F.mjsView on unpkg · L3Source reads and rewrites clipboard contents matching cryptocurrency wallet addresses.
dist/cli.mjsView on unpkg · L2A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.mjsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli.mjsView on unpkg · L2Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.mjsView on unpkg · L2Source decrypts an embedded payload, writes it to disk, and executes it through a child process.
dist/credentials-Dud2G0b8.mjsView on unpkgPackage contains source files above the static scanner size ceiling.
dist/credentials-Dud2G0b8.mjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/credentials-Dud2G0b8.mjsView on unpkg