AI Security Review
scanned 2m ago · by lpm-firewall-aiThe MCP wrapper can fetch a platform binary from the package publisher's GitHub releases and execute it. This is a remote-code execution supply-chain surface, but no concrete malicious payload or exfiltration is present in the inspected TypeScript.
Decision evidence
public snapshot- `bin/aide-wrapper.ts` runs automatically when configured as the MCP server.
- Wrapper downloads a missing/outdated executable, then executes it with inherited environment.
- `src/lib/aide-downloader.ts` fetches release binaries without checksum or signature verification.
- `bin/aide-wrapper.ts` runs `bun install --frozen-lockfile` when package `node_modules` is absent.
- Explicit CLI install code writes Codex/OpenCode integration configuration and hooks.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Network URLs are package-aligned GitHub release/API endpoints.
- No source evidence of credential harvesting, secret exfiltration, destructive commands, or stealthy foreign config mutation.
- Configuration changes are exposed through explicit `aide-plugin install`/`uninstall` commands.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/aide-wrapper.tsView on unpkgPackage source references child process execution.
bin/aide-wrapper.tsView on unpkg · L18Package source invokes a package manager install command at runtime.
bin/aide-wrapper.tsView on unpkg · L316