AI Security Review
scanned 2d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package is a CLI that performs user-invoked deployment, demo, resolve, and scaffold actions involving Docker, git, SSH, Cloudflare, and local project files.
Decision evidence
public snapshot
- dist/demo.js can read Cloudflare token from config or desired-state/.env and writes .demo/state.json with apiToken, but only inside user-invoked demo flow.
- dist/demo.js runs docker/git/CLI commands and calls Cloudflare/Forgejo APIs for demo provisioning and teardown.
- dist/resolve/resolve.js dynamically imports user config and reads an env-named Cloudflare token to list zones during resolve.
- package.json has no install/preinstall/postinstall lifecycle scripts; execution is via bin intentic or imported API.
- dist/init/scaffold-app.js child_process use is git clone/init for explicit app scaffolding.
- dist/demo.js network endpoints are package-aligned Cloudflare/Forgejo/Komodo/demo URLs derived from user config, not hardcoded exfiltration hosts.
- No source inspected writes AI-agent control surfaces, shell startup files, VCS hooks, autostart services, or foreign MCP/Claude/Codex config.
- No import-time execution beyond definitions was found in inspected hot files.
Source & flagged code
4 flagged
- Package source references child process execution. dist/init/scaffold-app.js · L1
- Package source references dynamic require/import behavior. dist/resolve/resolve.js · L6
- A single source file combines environment access, network access, and code or shell execution; review context before blocking. dist/demo.js · L29
- Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. dist/demo.js · L29