AI Security Review
scanned 2h ago · by lpm-firewall-aiNo install-time malicious behavior is established. An explicit AI-tools scaffold can generate a restricted Python code executor, creating a downstream dangerous capability if deployed with untrusted code input.
Decision evidence
public snapshot- `dist/templates/ai-service-tools.js` generates a Python `CodeInterpreterTool` that compiles and executes supplied code.
- The generated executor's `timeout` parameter is not enforced around `exec(byte_code, env)`.
- `dist/commands/add.js` can write the AI-tools template into a target project after an explicit add command.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `dist/cli.js` registers actions behind explicit `chimerai` subcommands; importing `dist/index.js` only exports modules.
- `dist/commands/create.js` runs its generated installer only when the user supplies `--install`.
- Network use is package-aligned: license activation uses the ChimerAI worker, while provider validation calls user-selected provider APIs.
- No source evidence of credential harvesting, exfiltration, hidden persistence, remote payload loading, or AI-agent configuration mutation.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/add.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/commands/add.jsView on unpkg · L2254Package source references child process execution.
dist/templates/ai-service-tools.jsView on unpkg · L483Package source references dynamic require/import behavior.
dist/scanner.jsView on unpkg · L11