AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. Residual risk is explicit user-command setup that can install first-party agent skill instructions and save wallet credentials, plus user-invoked swap signing of real funds.
Decision evidence
public snapshot- package.json defines postinstall, but scripts/postinstall.mjs only prints a global-install onboarding banner.
- dist/index.js runInit can write AI-agent skill files to .claude, .cursor, AGENTS.md, or ~/.codex/AGENTS.md after interactive selection.
- dist/index.js writes credentials to .env or ~/.geodesics/.env during geodesics init.
- dist/index.js signs/submits wallet swap operations from explicit swap/activate commands using AGENT_SIGNER_PRIVATE_KEY.
- No install-time credential harvesting, network call, file mutation, or broad agent config mutation found.
- Wallet transfers/signatures are package-aligned cross-chain swap behavior and require explicit CLI commands and user-provided credentials.
- Network calls go to configured Geodesics API, Solana/RPC providers, Privy adapter paths, or documented verification/status routes.
- Packaged SKILL.md/README/QUICKSTART contain product instructions, not reviewer/prompt manipulation or hidden exfiltration instructions.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource uses private key material to transfer cryptocurrency funds.
dist/index.jsView on unpkg · L8A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L8