AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a bundled BRICKS CLI with explicit user commands for auth, API calls, self-update, LAN discovery, and an optional ACP bridge.
Decision evidence
public snapshot- CLI has user-invoked network operations for BRICKS APIs and LAN discovery in lib/index.js/lib/737.js.
- desktop-acp-bridge can expose ~/.bricks-project-desktop/acp.sock over WebSocket when explicitly run.
- README documents token/config storage in ~/.bricks-cli/config.json and self-update command.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- bin/bricks and bin/bricks.cmd only dispatch to bun/node bin/bricks.js; bin/bricks.js imports lib/index.js and calls run().
- Network endpoints are BRICKS/product-aligned or documented local/LAN endpoints, not covert exfiltration hosts.
- Token handling is documented for auth login/login-token and config storage, not install/import-time harvesting.
- Dynamic import pattern is webpack chunk loading from local ./lib/*.js files.
- No AI-agent control-surface writes, persistence, destructive file operations, or credential scraping found.
Source & flagged code
3 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
lib/886.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/index.jsView on unpkg · L313Package ships non-JavaScript build or shell helper files.
bin/bricks.cmdView on unpkg