AI Security Review
scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Network and file-write primitives are package-aligned: user-invoked web fetching, optional LLM transformation, optional rendering, and explicit agent skill installation.
Decision evidence
public snapshot

- package.json defines no npm lifecycle scripts; only a bin entrypoint is exposed.
- bin/captatum.mjs only re-execs local dist/cli.js with args or dist/interfaces/mcp/stdio-bridge.js without args.
- dist/cli.js fetches a user-supplied URL or runs explicit `captatum skill install/print`; no install/import-time mutation.
- dist/interfaces/mcp/skill.js writes Claude/Codex skill files only after explicit CLI `skill install`, with package-aligned fetch guidance.
- dist/infrastructure/http/guarded-fetcher.js validates redirects, DNS/public addresses, blocked ports, timeouts, and byte caps for web fetches.
- dist/infrastructure/llm/openrouter.js and http-json.js use configured provider endpoints and guard cleartext API-key egress.
Source & flagged code
2 flagged

- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
  dist/interfaces/mcp/format.js (L112)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
  dist/infrastructure/http/body.js