AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Interactive startup with Herald credentials can download dynamic skill text and persist it as Claude skill files in a Herald-managed directory. Explicit integration commands can install Herald skills into supported agent directories. No install-time attack surface is established.
Decision evidence
public snapshot- `dist/main.js` auto-syncs server-provided dynamic skills after interactive startup when credentials exist.
- `dist/lib/dynamic-skills-cache.js` fetches `/api/cli/skills` and writes returned content as `SKILL.md` under Herald-managed Claude skill directories.
- `dist/lib/claude-integration.js` and `dist/lib/experiment/claude-subprocess.js` create Herald-owned Claude config/skill directories and can launch the Claude CLI.
- `dist/screens/Investigation.js` executes shell commands only for user input prefixed with `!`.
- `dist/main.js` runs `npm install -g @herald-ai/herald` only after an in-app upgrade request.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `bin/herald.js` only resolves and imports `dist/main.js`; no hidden loader behavior found.
- Global Cursor, Claude, and Codex skill writes are behind explicit `herald integrate <target>` commands.
- Managed Claude files are placed below Herald's own configuration directory, not written into the user's global Claude configuration.
- No source evidence of credential harvesting, covert exfiltration, destructive actions, or install-time foreign AI-agent control-surface mutation.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/screens/Investigation.jsView on unpkg · L2Package source references dynamic require/import behavior.
bin/herald.jsView on unpkg · L5Package source invokes a package manager install command at runtime.
dist/main.jsView on unpkg · L336This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/lib/experiment/claude-subprocess.jsView on unpkg