AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface by source inspection. Risky primitives are user-invoked CLI features aligned with a multi-agent workspace scaffolder.
Decision evidence
public snapshot- package.json has no install/preinstall/postinstall lifecycle hooks; only a user-invoked bin entry bin/roster.js.
- bin/roster.js network use is package-aligned: Notion API, OpenAI embeddings, GitHub tag/skill fetches.
- bin/roster.js child_process use is tied to explicit CLI features such as crontab scheduling, git/npx founder-skills sync, and tool invocation.
- Hook writes in bin/roster.js are behind explicit `roster hooks install` and install visible Claude/Codex hook configs, not lifecycle execution.
- bin/tripwire-hook.js scans tool output for prompt-injection/secret-egress patterns and does not send data externally.
- File writes target scaffold/workspace or AI-tool config paths for documented install/init/doctor/schedule commands.
Source & flagged code
8 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
bin/roster.jsView on unpkg · L11A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
bin/roster.jsView on unpkg · L11This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/roster.jsView on unpkgSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
bin/roster.jsView on unpkg · L5224Source writes installer persistence such as shell profile or service configuration.
bin/roster.jsView on unpkg · L11Package ships non-JavaScript build or shell helper files.
templates/hooks/banner.shView on unpkg