AI Security Review
scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found, but the CLI can install asset-declared agent skills non-interactively as part of an explicit asset install. This is a guarded, user-invoked marketplace capability rather than npm install-time control hijack.
Decision evidence
public snapshot
- src/install.ts runs `npx --yes skills add <source> -y` for asset-declared skillDependencies during `market install`.
- src/install.ts downloads/unzips asset ZIPs and writes contents into the target project root.
- src/install.ts may run package manager install when downloaded assets or merged dependencies require it.
- src/cli-client.ts reads DRAWCALL_AUTH_TOKEN and MARKET_API_URL; src/config.ts persists login tokens under drawcall-market config.
- package.json has no npm lifecycle hooks; execution is via explicit `market` CLI bin or imported APIs.
- src/install.ts rejects absolute and `..` ZIP paths before writing files.
- src/install.ts uses execFile with fixed executable/argv, not shell interpolation.
- Network calls are package-aligned to Drawcall Market/Auth APIs or user-supplied `--api`.
- No credential harvesting, broad filesystem scanning, persistence, destructive behavior, eval/vm, or import-time execution found.
Source & flagged code
3 flagged

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
- dist/install.js: Package source invokes a package manager install command at runtime.
- dist/install.js · L361