registry  /  @linghun/cli  /  0.1.29

@linghun/cli@0.1.29

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `linghun run` with a prompt, positional prompt, prompt file, or stdin.
Impact
The delegated TUI agent may perform approved local tool actions; its implementation is outside this package's inspected source.
Mechanism
User-invoked headless AI agent execution with default full access and auto-approval.
Rationale
No concrete malicious behavior is present in the inspected package source. Warn because the package intentionally exposes a high-privilege, auto-approved AI-agent execution path.
Evidence
package.jsonscripts/postinstall.cjsdist/main.js

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/main.js` exposes a headless AI task runner.
  • `linghun run` defaults to `full-access` mode.
  • Headless runs auto-approve local tool confirmations unless `--no-auto-approve` is supplied.
  • `dist/main.js` delegates task execution to `@linghun/tui`.
Evidence against
  • `scripts/postinstall.cjs` only chmods known package-owned optional binaries.
  • No network, shell/process execution, eval, or foreign AI-agent config writes appear in inspected files.
  • API-key reads are used for local diagnostic status and displayed masked.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 27.1 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem