AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack surface is established. User-invoked commands can install extensions and apply standalone updates, creating a meaningful but explicit agent-tool lifecycle capability.
Decision evidence
public snapshot- `cli-entry.js` launches the CLI only when the user invokes `seed`; no npm lifecycle hook exists.
- `chunks/chunk-JJV5MLJ6.js` exposes explicit extension install/update commands that can fetch and write agent-extension state.
- `chunks/chunk-CPXGW7M2.js` supports standalone auto-update after runtime update information.
- `package.json` has no `preinstall`, `install`, `postinstall`, or uninstall script.
- `cli-entry.js` only dispatches CLI arguments and spawns Node with `--expose-gc`.
- No inspected source showed credential harvesting, secret exfiltration, stealth persistence, or foreign-agent configuration mutation.
- Native `rg` and Tree-sitter WASM are packaged CLI tooling artifacts, not a confirmed payload chain.
Source & flagged code
15 flagged · loading sourcePackage contains a critical-looking secret pattern.
chunks/tree-sitter-bash-BGOXE3EP.jsView on unpkg · L8AWS access key ID in chunks/tree-sitter-bash-BGOXE3EP.js
chunks/tree-sitter-bash-BGOXE3EP.jsView on unpkg · L8Package source references child process execution.
chunks/lowlight-U5S6WPSE.jsView on unpkg · L773Package source references a known benign dynamic code generation pattern.
chunks/chunk-5NDHUVDS.jsView on unpkg · L279Source exposes local file and command tools to a remote model endpoint.
chunks/chunk-JJV5MLJ6.jsView on unpkg · L190Package source references dynamic require/import behavior.
chunks/chunk-JJV5MLJ6.jsView on unpkg · L190Package source executes code through a VM context API.
chunks/workflow-6EXGJJOE.jsView on unpkg · L300Package source references weak cryptographic algorithms.
chunks/chunk-OGIOA4CV.jsView on unpkg · L15Source decrypts an embedded payload, writes it to disk, and executes it through a child process.
chunks/chunk-RYJVBI6K.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
chunks/gemini-S7ITV7QO.jsView on unpkg · L76Package ships high-entropy non-source blobs.
web-shell/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
chunks/chunk-W3CISIOJ.jsView on unpkg