AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `trellis init` can install Trellis-owned project agent configuration and hooks. Explicit channel use can spawn a configured wrapper or call a configured local OpenAI-compatible proxy. No install-time execution or confirmed malicious chain was found.
Decision evidence
public snapshot- `dist/configurators/codex.js` writes project agent skills, hooks, and config during explicit setup.
- `dist/commands/channel/adapters/antigravity.js` can spawn a configured local wrapper with inherited environment.
- `dist/templates/*` ship hook scripts that run after the user installs platform integration.
- `package.json` has no preinstall/install/postinstall hooks; only prepublishOnly.
- `bin/trellis.js` only imports the CLI when the user invokes it.
- Agent writes are project-scoped (`.codex`, `.agents`, platform dirs), not home/global config.
- Antigravity defaults to localhost and uses configured credentials; no hard-coded remote endpoint.
- Template network scan found no HTTP client calls in shipped hooks.
- No credential-file harvesting, eval/vm execution, or covert exfiltration found.
Source & flagged code
2 flagged · loading sourcePackage ships non-JavaScript build or shell helper files.
dist/templates/copilot/hooks/session-start.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/channel/adapters/antigravity.jsView on unpkg