AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a commercial Claude Code plugin thin client with interactive activation, licensed skill-pack download, and optional project metadata sync.
Decision evidence
public snapshot- postinstall prompts for a Sonic license/email and writes plugin/license data under ~/.sonic via lib/installer.js.
- bin/sonic.js launches the user-installed Claude CLI with --plugin-dir and optional user-controlled SONIC_SKIP_PERMISSIONS.
- lib/skillpack.js downloads a licensed skill pack from Supabase and extracts it after SHA-256 verification.
- lib/project-sync.js sends project/license metadata to Supabase when project sync is enabled.
- No obfuscated code, eval/Function, native binary loading, or hidden import-time execution found in inspected files.
- Network endpoints are explicit and aligned with license validation, skill-pack delivery, and dashboard status sync.
- Install-time behavior is interactive/local setup; it does not silently execute a remote payload or mutate unrelated AI-agent config.
- Secrets/API-key-looking value in lib/server-validate.js is documented as a Supabase anon key used as a public client credential.
- File writes are scoped to ~/.sonic, package plugin files, and user-invoked project .sonic files.
- Child process use is user-invoked CLI functionality: claude, npm update, npx sandbox, and git helpers.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
lib/server-validate.jsView on unpkg · L24Supabase service role key (JWT) in lib/server-validate.js
lib/server-validate.jsView on unpkg · L24This package version adds a dangerous source file absent from the previous stored version.
bin/sonic.jsView on unpkgPackage source references dynamic require/import behavior.
bin/sonic.jsView on unpkg · L12Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/doctor.jsView on unpkg · L12