AI Security Review
scanned 2h ago · by lpm-firewall-ai
No confirmed malicious attack surface. The package is a spec workflow CLI that can run tests, call configured LLM endpoints, and write workflow artifacts only when explicit commands are invoked.
Decision evidence
public snapshot
- dist/commands/verify-acs.js runs user-requested Vitest via bunx or the configured lane command
- dist/lib/gate-executor.js can POST prompts to a local OpenAI-compatible endpoint and optionally use the ai SDK cloud model
- dist/commands/ac-backfill.js requires AI_GATEWAY_API_KEY before model calls and may git add/commit user repo changes
- dist/lib/events.js writes telemetry JSONL under .claude/tmp or EOS_SPEC_EVENTS_PATH
- package.json has no preinstall/install/postinstall hook; prepare/prepublishOnly only run npm build
- bin/eos-spec.js only imports dist/index.js and parses explicit CLI commands
- Filesystem writes are command-scoped spec/artifact/telemetry outputs, not install-time persistence
- No credential harvesting or exfiltration logic found; env vars are used as configuration/model keys
- Network use is package-aligned LLM/embedding functionality and user-invoked, not import-time
Source & flagged code
3 flagged
- dist/commands/verify-acs.js (line 84): Package source invokes a package manager install command at runtime.
- dist/lib/events.js: This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.