AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is established. User-invoked setup can install persistent first-party Tandem engine and control-panel services.
Decision evidence
public snapshot- `bin/cli.js` explicit `init` installs OS services unless `--no-service`/`--foreground` is set.
- `lib/setup/services/systemd.js` and `launchd.js` create persistent Tandem engine/control-panel service units.
- `bin/service-runner.js` starts the package panel and `@frumu/tandem` engine with inherited environment.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- Persistence is reached through user-invoked CLI commands, not package installation.
- Network code proxies configured Tandem/knowledgebase endpoints; no hard-coded exfiltration host found.
- Dynamic resolution is limited to the declared `@frumu/tandem` engine entrypoint.
- The reported Unicode controls in `dist/assets/vendor-BtvK_bPf.js` are BOM bytes in bundled vendor code, not concealed source logic.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/assets/index-FTt5P2sf.jsView on unpkg · L2Manifest entrypoint contains risky behavior absent from dist/build output.
bin/cli.jsView on unpkg · L3Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/assets/vendor-BtvK_bPf.jsView on unpkg · L153Package ships non-JavaScript build or shell helper files.
bin/service-local.shView on unpkg