AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Risky primitives are aligned with a local Fleet Console product: loopback HTTP UI, terminal/session management, git/file viewers, plugin loading, and opt-in updates.
Decision evidence
public snapshot- package.json defines postinstall hook.
- postinstall.mjs may run dist/cli.mjs only for global, non-CI installs with display.
- dist/fleet-plugins/skills/routes.mjs can npm-install/run skills@1.5.14 after authorized local route calls.
- dist/fleet-plugins/terminal/routes.mjs spawns shells/agent CLIs for console terminal sessions.
- dist/cli.mjs fetches npm registry/GitHub release data for update checks.
- postinstall.mjs has no network code and skips dependency/CI installs unless global auto-open conditions match.
- Server binds/validates loopback host/origin and terminal routes require isTerminalAuthorized.
- diff/file routes use realpath containment; git is spawned with shell:false and path args are guarded with --.
- Skills install inputs are allowlisted and invoked only through authorized console routes.
- No credential harvesting/exfiltration, destructive lifecycle behavior, or hidden payload download found.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/client/assets/index-BY_CeGCl.jsView on unpkg · L155Package source references dynamic require/import behavior.
dist/client/assets/index-BY_CeGCl.jsView on unpkg · L10Package source references shell execution.
dist/fleet-plugins/terminal/routes.mjsView on unpkg · L17501Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/fleet-plugins/skills/routes.mjsView on unpkg · L2Package ships high-entropy non-source blobs.
dist/client/assets/cascadia-code-latin-ext-wght-normal-CeKCfnVW.woff2View on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/fleet-plugins/diff/routes.mjsView on unpkg