AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The main risk is guarded lifecycle startup of a package-owned local console daemon plus user-invoked agent skill installation. This is a dangerous local agent-console capability, but source inspection did not confirm malicious exfiltration or foreign control-surface hijack at install time.
Decision evidence
public snapshot- package.json defines postinstall: node postinstall.mjs
- postinstall.mjs conditionally runs dist/cli.mjs on global interactive installs
- dist/cli.mjs ensureDaemon spawns detached local server with [serverModulePath,"serve"]
- dist/fleet-plugins/skills/routes.mjs can install/update skills under project/global agent skill scopes via console routes
- dist/cli.mjs self-update worker can run global npm install for @dotobokuri/fleet-cli and @dotobokuri/fleet-console
- postinstall is guarded to non-CI global installs with FLEET_CONSOLE_NO_AUTO_OPEN opt-out
- server binds to 127.0.0.1 and uses Host/Origin/lock-token checks
- terminal and skills routes require isTerminalAuthorized or lock authorization
- skills install validates source/skill/agent/scope and is user-invoked through console routes
- no credential harvesting or external exfiltration flow found in inspected files
- network use is package-aligned update/search/MCP catalog behavior
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/client/assets/index-DWgndVkX.jsView on unpkg · L157Package source references dynamic require/import behavior.
dist/client/assets/index-DWgndVkX.jsView on unpkg · L10Package source references shell execution.
dist/fleet-plugins/terminal/routes.mjsView on unpkg · L17538Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/fleet-plugins/skills/routes.mjsView on unpkg · L2Package ships high-entropy non-source blobs.
dist/client/assets/cascadia-code-latin-ext-wght-normal-CeKCfnVW.woff2View on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.mjsView on unpkg