AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package is an explicit host gateway that installs a user service and runs configured AI-agent CLIs after operator setup.
Decision evidence
public snapshot
- scripts/install.js can create launchd/systemd/schtasks services, but only via user-invoked setup/install/update commands
- src/adapters/base.js spawns configured agent CLIs and src/worker.js executes remote claimed jobs by design
- native/harness-core.darwin-arm64.node ships native QUIC/P2P code; strings show iroh relay/client libraries, not unrelated payloads
- package.json has no install/preinstall/postinstall lifecycle hook
- bin/cli.js only dispatches explicit CLI commands; importing the module does not start the service or the worker
- the global npm install in scripts/install.js is a best-effort step to expose clhost during setup, not lifecycle execution
- src/bridge.js sends token-authenticated outbound requests only to configured bridge URL
- src/scaffold.js copies baseline AGENTS/CLAUDE files only after interactive opt-in and never overwrites existing files
- src/adapters/base.js uses argv arrays, shell:false on POSIX, redacts secrets, and filters known auto-approve flags
Source & flagged code
6 flagged
- Package source references dynamic require/import behavior. (native/index.js, line 6)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (scripts/install.js)
- Package source invokes a package manager install command at runtime. (scripts/install.js, line 36)
- Source writes installer persistence such as shell profile or service configuration. (scripts/install.js, line 8)
- Package ships native binary artifacts. (native/harness-core.darwin-arm64.node)