AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious package attack surface. Network, subprocess, and file-write capabilities are explicit CLI features operating on a caller-selected workspace or server.
Decision evidence
public snapshot- `dist/index.js` can spawn Wrangler, but only from explicit `atlasflow deploy`.
- `dist/index.js` dynamically imports bundles built from the caller-selected workspace for explicit `run` and `eval` commands.
- `dist/index.js` supports user-provided server/OpenAPI URLs for explicit CLI operations.
- `package.json` declares no preinstall, install, postinstall, or prepare hook.
- `bin/atlasflow.js` only invokes exported `main()` after the user runs `atlasflow`.
- `dist/index.js` dispatches behavior behind explicit commands; no import-time network or filesystem mutation was found.
- `dist/index.js` filters `.env`, credential files, key files, and sensitive directories from agent export.
- No hard-coded nonlocal collection or exfiltration endpoint was found.
- No AI-agent configuration mutation, persistence hook, or destructive package-side behavior was found.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L1284