AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Risky primitives are CLI/web-agent-runtime features that require user invocation or configuration and are aligned with the package purpose.
Decision evidence
public snapshot- dist/core/auto-update.js can run user-configured background npm global self-update after CLI invocation.
- dist/clients/web/server.js exposes local exec/file/http bridge when user starts web server, but gated by origin/token rules.
- dist/core/host-exports/export.js writes generated host command files only on crtr CLI runs when host dirs already exist.
- scripts/postinstall.mjs only prints setup guidance and exits; no install-time payload, network, or file writes.
- bin/crtr and bin/crouter only import dist/cli.js; bin/crtrd imports daemon CLI.
- dist/commands/chord.js dispatches crtr subcommands via spawn/execFile without shell from explicit --run menu input.
- dist/core/self-update.js npm install and git update paths are explicit update features, not install/import-time execution.
- dist/commands/search/exa.js and dist/core/hearth/model-auth-guest.js use documented Exa/Anthropic endpoints for user-invoked search/OAuth flows.
- No credential harvesting or exfiltration path found beyond user-provided API/OAuth credentials used for package-aligned services.
Source & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/clients/web/web-cmd.jsView on unpkg · L12Package source references shell execution.
dist/clients/attach/slash-commands.jsView on unpkg · L362Package source references dynamic require/import behavior.
dist/clients/attach/config-load.jsView on unpkg · L124Package source references weak cryptographic algorithms.
dist/builtin-pi-packages/pi-crtr-extensions/extensions/crouter-help.tsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/core/self-update.jsView on unpkg · L23Package ships high-entropy non-source blobs.
dist/web-client/assets/martian-mono-latin-wght-normal-5W32yIyr.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/clients/attach/attach-cmd.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/commands/chord.jsView on unpkg