AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The risky behavior is package-aligned install/runtime setup for a backend with Python transcription and AI/sandbox features.
Decision evidence
public snapshot- package.json runs preinstall Node version gate and postinstall scripts/postinstall.cjs
- scripts/postinstall.cjs executes package-local ee/python/setup.sh at install time unless skipped
- ee/python/setup.sh creates ee/python/.venv and pip-installs requirements; optional torch wheel index is download.pytorch.org
- ee/invoke-skills/create-sandbox.ts exposes bash/readFile/writeFile tools and can degrade sandboxing, but this is app runtime functionality
- No credential harvesting or exfiltration found in inspected lifecycle/bin entrypoints
- bin/backend.cjs only dispatches documented package-local subcommands
- dist/index.js import path defines exports and Redis helpers; no install/import-time destructive behavior found
- Secret-looking patterns in dist/index.js are documentation/example placeholders, not live keys
- Network use is aligned with backend, LiteLLM, Whisper, S3, OCR, and user-invoked service features
- Python test __init__.py is empty; no hidden executable payload observed there
Source & flagged code
9 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/index.jsView on unpkg · L12659Package source references weak cryptographic algorithms.
dist/chunk-WCP3WZM3.jsView on unpkg · L39Package ships non-JavaScript build or shell helper files.
ee/python/setup.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
ee/python/transcription/tests/__init__.pyView on unpkg