AI Security Review
scanned 17h ago · by lpm-firewall-ai
No confirmed malicious attack surface; risky primitives are user-invoked deployment/demo CLI behavior. The package can create project scaffolds, run Docker/git, and call Cloudflare/Forgejo APIs when corresponding commands are run.
Decision evidence
public snapshot
- dist/demo.js can run Docker, SSH, Forgejo and Cloudflare operations, including deleting demo tunnels/DNS on explicit clear.
- dist/resolve/resolve.js dynamically imports a user config path and reads a Cloudflare token from env for zone discovery.
- dist/init/scaffold-app.js shells out to git clone/init and writes starter app files when init scaffolding is invoked.
- package.json has no install/preinstall/postinstall lifecycle hooks; activation is via bin intentic or direct demo script only.
- dist/cli.js only dispatches @stricli CLI commands, with no import-time side effects beyond running requested CLI.
- Network endpoints are product-aligned Cloudflare/demo URLs and localhost services, not covert exfiltration endpoints.
- No code found writing AI-agent control surfaces, shell startup files, VCS hooks, or persistence outside user-requested project/demo paths.
- Command execution is tied to explicit scaffold/demo workflows and fixed tools like git/docker, not obfuscated payload execution.
Source & flagged code
4 flagged
Package source references child process execution.
dist/init/scaffold-app.js · L1
Package source references dynamic require/import behavior.
dist/resolve/resolve.js · L6
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/demo.js · L29
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/demo.js · L29