AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a user-invoked remote coding-agent bridge with daemon persistence, relay connectivity, token-based auth, and local Copilot/Claude adapter control. This is a dangerous dual-use/agent lifecycle surface, but inspection did not confirm malicious install-time or covert behavior.
Decision evidence
public snapshot- dist/daemon.js writes and loads a macOS LaunchAgents plist for background daemon persistence when started.
- dist/daemon-worker.js connects a local coding-agent adapter to a remote relay and authenticates with GitHub/channel tokens.
- dist/setup.js and dist/cli.js read gh auth tokens or saved device-flow tokens for relay login and pairing.
- dist/adapters/copilot.js and dist/adapters/claude.js wire Copilot/Claude sessions and MCP servers, enabling remote agent operation.
- dist/update.js can self-update via npm or GitHub release assets when the user runs update.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Main dist/index.js only exports library APIs; daemon/setup behavior is CLI/runtime invoked.
- Network hosts are package-aligned: relay.kraki.chat, app.kraki.chat, GitHub OAuth/API, and package GitHub releases.
- Agent config mutations are scoped to Kraki shadow/session directories or explicit setup inputs, not silent install-time hijacking.
- No evidence of obfuscated payloads, stealth exfiltration, destructive actions, or unconsented npm install-time control-surface mutation.
Source & flagged code
7 flagged · loading sourceSource writes installer persistence such as shell profile or service configuration.
dist/daemon.jsView on unpkg · L7Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/update.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
dist/update.jsView on unpkg · L4Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/adapters/copilot.jsView on unpkg · L266This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/adapters/pi.jsView on unpkg