AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Risky primitives are package-aligned control-panel setup, optional service installation, and local Tandem API communication behind explicit CLI/runtime use.
Decision evidence
public snapshot- Explicit CLI service install can create systemd/launchd services for Tandem components.
- Runtime panel proxies to configured local/enterprise Tandem endpoints.
- package.json has no install/postinstall/prepare hook; only prepublishOnly build hook.
- bin/cli.js and bin/init-env.js require explicit user commands for init/service actions.
- lib/setup/env.js writes Tandem env/config under XDG/app support paths, not foreign agent control files.
- Service files in lib/setup/services/* are named Tandem engine/control-panel and require root/user invocation.
- No credential harvesting or exfiltration endpoint found; token reads are for configured local Tandem APIs.
- Generated agent/MCP catalog is product UI data, not lifecycle-planted foreign agent instructions.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/assets/index-BVXQsh9I.jsView on unpkg · L2Manifest entrypoint contains risky behavior absent from dist/build output.
bin/cli.jsView on unpkg · L3Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/assets/vendor-12YBvskU.jsView on unpkg · L153Package ships non-JavaScript build or shell helper files.
bin/service-local.shView on unpkg