AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Network, filesystem, database, and provider-copy behavior is exposed through explicit user-invoked CLI/API operations and configured destinations.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit CLI/API use such as `absorb sync --invoke`, database commands, delivery import with `--write`, or mirror readback.
Impact
Can perform the requested adapter, database, filesystem-copy, or provider-copy operation; no automatic install/import-time behavior or hidden persistence was found.
Mechanism
User-configured operational transports and receipt generation.
Rationale
Source inspection found a feature-rich, user-operated repository/database delivery CLI, not an unconsented execution or exfiltration chain. The scanner signals correspond to optional imports, configured environment references, and explicit transport commands.
Evidence
package.jsonbin/holorepo.mjssrc/embedder.mjssrc/absorb.mjssrc/adapter.mjssrc/db.mjssrc/delivery.mjssrc/graph.mjssrc/soul.mjssrc/participation.mjssrc/index.mjs
Network endpoints4
127.0.0.1:7411/mcpabsorb.holoscript.net/mcpregistry.npmjs.orgpypi.org
Decision evidence
public snapshotAI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
- `src/absorb.mjs` can POST explicitly requested adapter calls and sends `ABSORB_API_KEY` only for its remote mode.
- `src/delivery.mjs` can run configured `aws`, `rclone`, `mc`, or `scp` copy commands during an explicit delivery import.
- `src/adapter.mjs` supports user-configured PostgreSQL, Docker, and SSH database transports.
Evidence against
- `package.json` contains no npm lifecycle hooks; install does not execute package code.
- `bin/holorepo.mjs` gates adapter network invocation behind `absorb sync --invoke` and writes behind `--write`.
- `src/embedder.mjs` dynamically imports only a caller-selected optional encoder; no eval, VM, or arbitrary shell loading is present.
- `src/delivery.mjs` uses fixed command templates with `shell: false`; source shows no credential harvesting or covert exfiltration.
- No source writes `.claude`, `.cursor`, Copilot, Codex, npm, SSH, or other AI-agent control-surface configuration.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
6 flagged · loading sourcesrc/absorb.mjsView file
64patternName = generic_password
severity = medium
line = 64
matchedText = if (url....ed';
Medium
src/embedder.mjsView file
17try {
L18: mod = await import(encoderModule);
L19: } catch {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/embedder.mjsView on unpkg · L17src/ci.mjsView file
38patternName = generic_password
severity = medium
line = 38
matchedText = if (url....ed';
Medium
src/git.mjsView file
37patternName = generic_password
severity = medium
line = 37
matchedText = if (url....ed';
Medium
src/config.mjsView file
213patternName = generic_password
severity = medium
line = 213
matchedText = if (url....ed';
Medium
254patternName = generic_password
severity = medium
line = 254
matchedText = redacted...d>';
Medium
Findings
7 Medium4 Low
MediumSecret Patternsrc/absorb.mjs
MediumDynamic Requiresrc/embedder.mjs
MediumEnvironment Vars
MediumSecret Patternsrc/ci.mjs
MediumSecret Patternsrc/git.mjs
MediumSecret Patternsrc/config.mjs
MediumSecret Patternsrc/config.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings