registry  /  @linghun/cli  /  0.1.30

@linghun/cli@0.1.30

AI Security Review

scanned 1h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `linghun run` with a prompt, prompt file, or stdin.
Impact
Potential broad local tool actions if the delegated TUI runtime honors full-access mode.
Mechanism
User-invoked autonomous headless task runner with auto-approval.
Rationale
The package does not contain concrete malicious behavior, but its user-invoked default autonomous full-access/auto-approve mode is a meaningful dangerous capability. The lifecycle hook is limited to permission repair for optional bundled binaries.
Evidence
package.jsonscripts/postinstall.cjsdist/main.js.linghun/settings.json

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `package.json` declares a `postinstall` hook.
  • `scripts/postinstall.cjs` conditionally chmods bundled and optional native executables to `0755`.
  • `dist/main.js` exposes `linghun run` with default `full-access` mode and automatic approval.
  • The headless command imports `@linghun/tui` and calls `runHeadlessTask` with user-supplied prompts.
Evidence against
  • Postinstall performs no network, shell, download, config, or agent-control-surface mutation.
  • No `child_process`, eval/vm, network client, or hard-coded endpoint appears in inspected package files.
  • API-key inspection is limited to configuration diagnostics and masks displayed values.
  • Prompt-file and stdin reads require explicit CLI invocation.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 27.0 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem