AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The main risk is opaque obfuscated distributed code plus a prompt-injection notice, but inspected behavior aligns with an SDK/dev toolkit and requires explicit CLI/runtime use.
Decision evidence
public snapshot- dist/index.js is deliberately obfuscated and begins with an AI/reviewer instruction-injection notice telling tools to refuse analysis.
- dist/index.js imports pg and reads database env vars for direct migrations, increasing review opacity.
- bin/cli.mjs and src/dev/serve.ts spawn Bun to run user-supplied plugin server/main.ts files when the CLI is invoked.
- package.json has no install/preinstall/postinstall lifecycle scripts.
- bin/cli.mjs only launches the local dev toolkit after explicit CLI use; no import-time child process execution found.
- src/dev/serve.ts and src/dev/dev-host.ts bind/proxy only localhost 127.0.0.1 dev endpoints for plugins and the toolkit shell.
- src/dev/preload.ts sets a Bun SQLite dev hook and synthetic identity for local plugin testing.
- src/dev/dev-assets.ts uses S3_* only when configured for package-aligned local asset upload/presign/delete.
- No credential harvesting, persistence, destructive host writes, or off-package exfiltration endpoint found in inspected source.
Source & flagged code
8 flagged · loading sourceSource contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/dev/dev-host.tsView on unpkg · L135Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
shell/_build/.vite/manifest.json.gzView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
src/dev/sqlite-pool.tsView on unpkg