AI Security Review
scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior was found. The main residual risk is explicit user-command agent extension setup that links Growthub/Paperclip skills into Codex and Claude skill directories.
Decision evidence
public snapshot
- dist/index.js agent local-cli can symlink package skills into ~/.codex/skills and ~/.claude/skills after explicit command.
- dist/index.js sends optional telemetry to PostHog host when GROWTHUB_POSTHOG_API_KEY/NEXT_PUBLIC_POSTHOG_PROJECT_TOKEN is set.
- dist/index.js stores hosted auth session tokens under the package home auth/session.json and uses them for Growthub API requests.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- dist/index.js registers CLI commands and requires user-invoked actions for network, auth, local server, git, and agent operations.
- Growthub API requests use session.hostedBaseUrl or https://www.growthub.ai package-aligned endpoints with bearer tokens.
- Codex/Claude skill installation is an explicit agent local-cli command and uses symlinks to package skills, not stealth install-time mutation.
- resolver-loader.js dynamically imports local resolver files from the workspace server directory, not remote code.
- OnboardingWizard asset is bundled UI code; scanner child_process/download-execute hint was not confirmed as package entrypoint attack behavior.
Source & flagged code
15 flagged
- Package contains a possible secret pattern.
  dist/runtime/server/dist/index.js · L250
- Source downloads or fetches remote code and executes it.
  dist/runtime/server/ui-dist/assets/OnboardingWizard-Dg9nKXj1.js · L1
- Package source references child process execution.
  dist/runtime/server/ui-dist/assets/OnboardingWizard-Dg9nKXj1.js · L784
- Package source references shell execution.
  dist/runtime/server/ui-dist/assets/OnboardingWizard-Dg9nKXj1.js · L786
- Package source references dynamic code evaluation.
  assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/adapters/integrations/resolver-loader.js · L30
- Package source references dynamic require/import behavior.
  dist/runtime/server/ui-dist/assets/livescript-BwQOo05w.js · L1
- Package source executes code through a VM context API.
  dist/runtime/server/dist/services/plugin-runtime-sandbox.js · L18
- Package source references weak cryptographic algorithms.
  dist/runtime/server/dist/routes/plugin-ui-static.js · L122
- Source appears to send environment or credential material to an external endpoint.
  dist/index.js · L14
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
  dist/index.js · L14
- A single source file combines environment access, network access, and code or shell execution; review context before blocking.
  dist/index.js · L10413
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
  dist/index.js · L14
- Package ships non-JavaScript build or shell helper files.
  assets/worker-kits/growthub-custom-workspace-starter-v1/setup/check-deps.sh
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
  assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/app/settings/apps/page.jsx