AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an AI workflow CLI with explicit commands that configure its own ~/.coral state, project .claude integration, local daemons, and provider APIs.
Decision evidence
public snapshot- dist/commands/projectInit.js user-invoked project init can install .claude preset and project .claude/skills links.
- dist/commands/setup.js user-invoked setup installs @agentclientprotocol/claude-agent-acp globally and writes ~/.coral/env.
- dist/providers/llm/codexAuth.js reads and refreshes ~/.codex/auth.json for a Codex subscription provider.
- package.json has only prepublishOnly; no install/preinstall/postinstall lifecycle hook.
- dist/main.js only registers CLI handlers at import/startup; actions require explicit sps commands.
- dist/commands/setup.js prunes only legacy symlinks pointing under ~/.coral/skills, not arbitrary ~/.claude entries.
- dist/core/skills/distribution.js projects skills into .claude/skills only via explicit project/skill commands.
- Network use is package-aligned: GitLab, Matrix, local agentmemory, OpenAI/Codex provider paths.
- No credential harvesting/exfiltration, remote code loading, destructive persistence, or lifecycle agent hijack found.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/infra/spawn.jsView on unpkg · L10Package source invokes a package manager install command at runtime.
dist/commands/setup.jsView on unpkg · L201Source writes installer persistence such as shell profile or service configuration.
dist/commands/setup.jsView on unpkg · L20This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/manager/worker-manager-impl.jsView on unpkg