AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack was found. The package exposes runtime/CLI agent capabilities that can execute shell commands and make HTTP/webhook calls when a user runs HoloScript compositions or daemons.
Decision evidence
public snapshot- dist/chunk-BQJ3YBF3.js registers shell, webhook, and http traits in the default trait registry.
- dist/chunk-BQJ3YBF3.js shell trait can spawn user-specified commands with shell:true on shell:exec events.
- dist/cli/holoscript-runner.js daemon can write .holoscript state/lock files and run skill commands when --allow-shell is enabled.
- dist/cli/holoscript-runner.js holomesh-daemon contacts a default remote orchestrator using HOLOSCRIPT_API_KEY.
- package.json has no preinstall/install/postinstall script; only prepublishOnly build script.
- bin/holoscript.cjs only dispatches to the CLI runner; no install-time execution.
- Webhook/http URLs are config or event supplied; no hardcoded command-output exfiltration sink found.
- CLI shell skill execution defaults allowShell:false and supports command allowlisting.
- ExpressionEvaluator blocks obvious process/fs/child_process escapes before using Function.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
dist/traits/index.jsView on unpkg · L15694Package source references dynamic require/import behavior.
bin/holoscript.cjsView on unpkg · L6Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L138Package source references weak cryptographic algorithms.
dist/index.jsView on unpkg · L138Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/chunk-GIBF4BHH.jsView on unpkg · L311Source writes installer persistence such as shell profile or service configuration.
dist/chunk-GIBF4BHH.jsView on unpkg · L311Source executes local commands and sends command output to an external endpoint.
dist/chunk-IFW5IW4L.cjsView on unpkg · L1366A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/chunk-BQJ3YBF3.jsView on unpkg · L1364