AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package is a user-configured host gateway: it persists a background service and executes the configured AI agent CLIs for jobs received from its authenticated ClawLink bridge.
Decision evidence
public snapshot
- scripts/install.js installs a persistent launchd/systemd/schtasks service when the user runs setup/install
- src/worker.js polls remote bridge for jobs and runs configured AI runtime adapters
- src/adapters/base.js uses child_process.spawn for local agent CLIs
- native/index.js loads a shipped NAPI native transport binary on darwin-arm64
- templates/codex/AGENTS.md and templates/claude/CLAUDE.md are opt-in agent context files
- package.json has no preinstall/postinstall/prepare lifecycle hooks
- bin/cli.js only dispatches user-invoked commands; the worker runs via clhost run/service
- scripts/install.js prompts for the Host Token and baseline scaffolding before any config/workspace changes
- src/bridge.js sends authenticated outbound calls to the package-aligned host bridge
- src/adapters/base.js uses argv arrays and shell:false on POSIX, and strips dangerous auto-approve flags
- No credential harvesting, hidden exfiltration, destructive actions, or reviewer prompt injection found
Source & flagged code
6 flagged
- native/index.js, line 6: package source references dynamic require/import behavior
- scripts/install.js: this package version adds a source file, flagged as dangerous, that was absent from the previously stored version
- scripts/install.js, line 36: package source invokes a package manager install command at runtime
- scripts/install.js, line 8: source writes installer persistence such as a shell profile or service configuration
- native/harness-core.darwin-arm64.node: package ships native binary artifacts