AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior was found. Runtime has a risky obfuscated self-updating CLI that can execute cached CodeVine code and user-invoked AI client setup/upload features.
Decision evidence
public snapshot- package.json has a postinstall require of ./dist/postinstall.cjs, but that file is absent so it is caught and inert.
- dist/cli.cjs is heavily obfuscated after line 95, obscuring runtime behavior.
- dist/cli.cjs loads and executes newer cached code from ~/.codevineai/bin/<host>/cli.cjs via require().
- Decoded strings expose self-update endpoints for https://codevine.ai/app/cli/cli.cjs and npm latest metadata.
- CLI exposes install/setup/uninstall commands for Claude/AI client support and an upload command for Claude Code conversation logs.
- Only package files present are package.json and dist/cli.cjs; no bundled postinstall payload exists.
- Install-time hook does not mutate files because dist/postinstall.cjs is missing and errors are swallowed.
- Agent/client mutation appears tied to explicit user commands, not npm install.
- Network endpoints are package-aligned CodeVine/npm update/auth functionality.
- No clear credential exfiltration, destructive action, or stealth persistence confirmed from static inspection.
Source & flagged code
6 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.cjsView on unpkg · L94Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/cli.cjsView on unpkg · L94Package source references dynamic require/import behavior.
dist/cli.cjsView on unpkg · L13