AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a broad Growthub/agent CLI with explicit commands for auth, local server setup, kit export, agent harness launch, and optional skill installation.
Decision evidence
public snapshot- dist/index.js has user-invoked qwen-code/t3code commands that can pass --yolo to external agent CLIs
- dist/index.js agent local-cli can explicitly symlink package skills into ~/.codex/skills and ~/.claude/skills
- assets helper harvest-cursor-traces.mjs reads Cursor transcript JSONL only when run directly
- package.json has no preinstall/install/postinstall/prepare lifecycle hooks
- dist/index.js entrypoint registers CLI commands; risky paths require explicit commands such as auth login, agent local-cli, qwen-code, t3code, or kit download
- Network calls are package-aligned: Growthub hosted session/bridge URLs, GitHub APIs, skills.sh, LLM provider APIs, local Ollama/Growthub endpoints
- Session tokens are read from ~/.paperclip auth storage and sent as Bearer/cookie to the configured Growthub hostedBaseUrl or bridge override, not a hardcoded exfiltration host
- Dynamic import in resolver-loader.js loads local workspace resolver files from process cwd as a server extension mechanism
- File writes are scoped to Growthub/Paperclip config, kit forks, downloaded kits, explicit portal/workspace outputs, or explicit agent-skill setup
Source & flagged code
14 flagged · loading sourcePackage contains a possible secret pattern.
dist/runtime/server/dist/index.jsView on unpkg · L250Source downloads or fetches remote code and executes it.
dist/runtime/server/ui-dist/assets/OnboardingWizard-Dg9nKXj1.jsView on unpkg · L1Package source references child process execution.
dist/runtime/server/ui-dist/assets/OnboardingWizard-Dg9nKXj1.jsView on unpkg · L784Package source references shell execution.
dist/runtime/server/ui-dist/assets/OnboardingWizard-Dg9nKXj1.jsView on unpkg · L786Package source references dynamic code evaluation.
assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/adapters/integrations/resolver-loader.jsView on unpkg · L30Package source references dynamic require/import behavior.
dist/runtime/server/ui-dist/assets/livescript-BwQOo05w.jsView on unpkg · L1Package source executes code through a VM context API.
dist/runtime/server/dist/services/plugin-runtime-sandbox.jsView on unpkg · L18Package source references weak cryptographic algorithms.
dist/runtime/server/dist/routes/plugin-ui-static.jsView on unpkg · L122Source appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L14A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L14A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L10413Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L14Package ships non-JavaScript build or shell helper files.
assets/worker-kits/growthub-custom-workspace-starter-v1/setup/check-deps.shView on unpkg