AI Security Review
scanned 13h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a first-party Honeycomb agent integration that can wire AI assistant hooks and install skill/agent artifacts when users run its CLI or daemon workflows. The npm postinstall path itself is dependency sanity checking only and does not mutate agent control surfaces.
Decision evidence
public snapshot- bundle/cli.js defines user commands setup/install/hook that wire assistant hooks and skills/agents.
- bundle/cli.js connector code writes harness config for .codex/.claude/.cursor/.hermes/.pi/.openclaw skills/agents.
- harnesses/codex/bundle/capture.js captures agent events and posts to local daemon /api/hooks.
- harnesses/codex/bundle/capture.js CODEX_HOST_CLI includes codex exec --dangerously-bypass-approvals-and-sandbox for agent spawning.
- package.json postinstall only runs scripts/ensure-tree-sitter.mjs and scripts/ensure-embed-deps.mjs.
- scripts/ensure-tree-sitter.mjs only resolve/checks WASM parser dependencies and exits non-fatally.
- scripts/ensure-embed-deps.mjs only checks optional @huggingface/transformers presence and does not download or import it.
- Agent config mutation appears tied to explicit CLI setup/install/hook or daemon lifecycle, not npm postinstall.
- Hook network calls target local daemon 127.0.0.1:3850; SDK/cloud endpoints are product-aligned.
- No credential exfiltration, remote payload execution, destructive install behavior, or hidden persistence confirmed.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
harnesses/claude-code/bundle/pre-tool-use.jsView on unpkg · L16133Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bundle/cli.jsView on unpkg · L132Source writes installer persistence such as shell profile or service configuration.
bundle/cli.jsView on unpkg · L132Package source references dynamic require/import behavior.
embeddings/embed-daemon.jsView on unpkg · L34Package source references a known benign dynamic code generation pattern.
embeddings/embed-daemon.jsView on unpkg · L34A single source file combines environment access, network access, and code or shell execution; review context before blocking.
daemon/restart-helper.jsView on unpkg · L1Package ships high-entropy non-source blobs.
assets/logos/fonts/JetBrainsMono-Regular.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
daemon/index.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
harnesses/codex/bundle/capture.jsView on unpkg