AI Security Review
scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a user-invoked gateway/worker that stores tokens locally, installs an explicit background service, and relays jobs to configured local AI runtimes.

Decision evidence
public snapshot
- package.json has no install/postinstall lifecycle scripts; execution is via explicit CLI commands.
- bin/cli.js dispatches user-invoked commands; default/setup routes to interactive installer, run routes to worker.
- scripts/install.js persistence is explicit service installation/update under launchd/systemd/schtasks for the advertised background gateway.
- src/bridge.js only posts host-token authenticated actions to the configured ClawLink host-bridge endpoint.
- src/adapters/base.js spawns configured agent runtime with argv arrays and shell false on POSIX; forbidden unsafe flags are stripped.
- templates/codex/AGENTS.md and scaffold.js add baseline agent files only after an interactive opt-in and do not overwrite existing files.
Source & flagged code
6 flagged
- Package source references dynamic require/import behavior. (native/index.js · L6)
- Package source invokes a package manager install command at runtime. (scripts/install.js · L33)
- Source writes installer persistence such as shell profile or service configuration. (scripts/install.js · L8)
- Package ships native binary artifacts. (native/harness-core.darwin-arm64.node)
- This package version adds a dangerous source file absent from the previous stored version. (src/transport/p2p.js)