AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface from install or import. The package is an agent-memory CLI/daemon whose risky capabilities are explicit runtime/setup features.
Decision evidence
public snapshot- bundle/cli.js has user-invoked setup/connect code that writes agent hook configs under ~/.claude, ~/.codex, and ~/.cursor.
- bundle/cli.js can register a Honeycomb daemon with ~/.honeycomb/doctor.daemons.json and sends opt-out Tier-1 telemetry to PostHog.
- Hook bundles capture prompts/tool events and forward them to the local Honeycomb daemon.
- package.json postinstall only runs scripts/ensure-tree-sitter.mjs and scripts/ensure-embed-deps.mjs sanity checks; they do not write files, download payloads, or install hooks.
- bundle/cli.js agent hook wiring is activated by explicit CLI commands setup/connect/install, not npm lifecycle or import-time execution.
- Hook and SDK network traffic is package-aligned loopback daemon traffic at 127.0.0.1:3850; DeepLake API use is part of login/storage behavior.
- Connector install code preserves foreign hooks and removes only Honeycomb-marked entries on uninstall.
- embeddings/embed-daemon.js loads @huggingface/transformers lazily for a fixed model and binds locally by default.
- No credential harvesting, destructive actions, remote code execution, or lifecycle mutation of foreign agent control surfaces found.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
harnesses/claude-code/bundle/pre-tool-use.jsView on unpkg · L15999Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bundle/cli.jsView on unpkg · L94Source writes installer persistence such as shell profile or service configuration.
bundle/cli.jsView on unpkg · L94Package source references dynamic require/import behavior.
embeddings/embed-daemon.jsView on unpkg · L34Package source references a known benign dynamic code generation pattern.
embeddings/embed-daemon.jsView on unpkg · L34A single source file combines environment access, network access, and code or shell execution; review context before blocking.
daemon/restart-helper.jsView on unpkg · L1Package ships high-entropy non-source blobs.
assets/logos/fonts/JetBrainsMono-Regular.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
daemon/index.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
harnesses/codex/bundle/capture.jsView on unpkg