AI Security Review
scanned 2h ago · by lpm-firewall-aiA user-invoked `pull` or `install` downloads a marketplace archive and extracts it without validating entry paths. A malicious archive can escape the intended target directory and overwrite files accessible to the CLI user.
Decision evidence
public snapshot- `dist/index.js` extracts remote ZIP entries with `path.join(targetDir, filename)` without traversal validation.
- `pull`/`install` fetch archives from the configured AIMD server and write every ZIP entry.
- `run` executes explicitly annotated Markdown shell blocks after displaying each command and prompting.
- `hook install` explicitly writes only `.git/hooks/pre-commit` when user invokes it.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- `bin/aimd.js` only imports the CLI entrypoint; actions require a named CLI command.
- The secret regexes in `dist/compliance/secrets.js` are local audit patterns, not embedded credentials.
- No hidden endpoint, credential exfiltration, persistence, or foreign AI-agent configuration write was found.
Source & flagged code
5 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/compliance/secrets.jsView on unpkg · L62RSA private key in dist/compliance/secrets.js
dist/compliance/secrets.jsView on unpkg · L62A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L6