AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a licensed thin client that installs a Claude Code plugin, validates a license, and fetches protected skills from the vendor service after user activation or launch.
Decision evidence
public snapshot- package.json runs postinstall script
- scripts/postinstall.js prompts for license/email and writes installer state under ~/.sonic
- lib/server-validate.js posts license/email/machine metadata to Supabase validate-license endpoint
- lib/skillpack.js downloads and extracts a remote skill pack into ~/.sonic/sonic-agent after license validation
- bin/sonic.js can launch Claude with --plugin-dir and optional --dangerously-skip-permissions via user command/env
- plugin/commands/sonic-help.md references skills excluded from package and supplied by remote pack
- postinstall is interactive and skips CI/SONIC_SKIP_POSTINSTALL; it does not validate or exfiltrate during install
- network calls are license/skillpack aligned and triggered by activate/start/doctor, not hidden import-time behavior
- remote skill pack download checks SHA-256 from server response before extraction
- installer writes only Sonic-owned ~/.sonic paths and project .sonic init/autopilot files on explicit commands
- no code found harvesting shell credentials, SSH keys, npm tokens, wallets, or arbitrary user files
- plugin prompts are domain-aligned WordPress/SEO instructions, not reviewer manipulation or credential theft
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
lib/server-validate.jsView on unpkg · L24Supabase service role key (JWT) in lib/server-validate.js
lib/server-validate.jsView on unpkg · L24This package version adds a dangerous source file absent from the previous stored version.
bin/sonic.jsView on unpkgPackage source references dynamic require/import behavior.
bin/sonic.jsView on unpkg · L12Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/doctor.jsView on unpkg · L12