AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package has install-time Python environment setup and runtime AI-agent sandbox/file/network features, but they are documented and user/application-invoked rather than covert.
Decision evidence
public snapshot- Install lifecycle creates ee/python/.venv and pip-installs requirements; includes external PyTorch index https://download.pytorch.org/whl/cu124 when WHISPER_GPU=cuda.
- Runtime code includes AI sandbox/bash and file tools in ee/invoke-skills/create-sandbox.ts/dist/index.js, a dangerous capability but package-aligned for an AI agent backend.
- scripts/postinstall.cjs and ee/python/setup.sh are transparent Python dependency setup for documented transcription/document features, with SKIP_PYTHON_SETUP/CI skip paths.
- No source evidence of credential harvesting or exfiltration; env vars are used for configured Redis, S3, SMTP, model providers, telemetry, and auth.
- Scanner 'critical secret' is an example Google service-account JSON string with placeholder private_key in dist/index.js, not a real embedded secret.
- bin/backend.cjs only dispatches documented subcommands; dist/cli/start-whisper.cjs starts local uvicorn server from package venv on configured host/port.
- Network references are package-aligned: local Redis/LiteLLM/Whisper, Recall API, provider SDKs, S3/upload, Signoz OTLP, PyPI/pip setup.
- No AI-agent control-surface mutation, persistence outside package setup dirs, destructive install behavior, or hidden payload carrier found.
Source & flagged code
9 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/index.jsView on unpkg · L12701Package source references weak cryptographic algorithms.
dist/chunk-WCP3WZM3.jsView on unpkg · L39Package ships non-JavaScript build or shell helper files.
ee/python/setup.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
ee/python/transcription/tests/__init__.pyView on unpkg