AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Sensitive file writes, package installation, git commands, network calls, and Claude project integration are tied to explicit CLI workflows for an AI development orchestrator rather than install-time execution.
Decision evidence
public snapshot- package.json has only prepublishOnly build script; no install/postinstall lifecycle execution.
- dist/main.js only dispatches CLI commands after user invocation; no import-time credential harvesting or network call beyond fetch polyfill.
- dist/commands/setup.js is user-invoked and writes ~/.coral/env from interactive prompts with 0600 permissions; it prunes only legacy SPS symlinks under ~/.claude/skills.
- dist/commands/setup.js may run npm install -g @agentclientprotocol/claude-agent-acp, but only during explicit sps setup.
- dist/commands/projectInit.js writes project config and optional project .claude assets during explicit project init, preserving existing files and adding gitignore entries.
- Network use is package-aligned: GitLab API, Matrix homeserver, local agentmemory, OpenAI/Codex auth refresh for configured agent features.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/infra/spawn.jsView on unpkg · L10This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/setup.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/commands/setup.jsView on unpkg · L201Source writes installer persistence such as shell profile or service configuration.
dist/commands/setup.jsView on unpkg · L20