AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a user-invoked microVM runtime with expected VM process spawning, guest command execution, local cache/registry writes, and optional gvproxy download.
Decision evidence
public snapshot- dist/index.js contains runtime child_process spawn/execFileSync APIs for VMM helpers, tar, sysctl, gvproxy, and guest exec support.
- dist/index.js can fetch gvproxy from github.com at runtime if no local gvproxy is found.
- dist/index.js writes runtime caches/registry/logs under ~/.machinen and ~/.cache/machinen during VM operations.
- package.json has no preinstall/install/postinstall lifecycle hooks and exports only dist/index.js.
- No import-time execution observed beyond definitions/exports; VM, provision, download, and exec paths are user-invoked APIs.
- README.md describes a microVM runtime; child_process, guest exec, snapshots, caches, and networking match the package purpose.
- No credential harvesting, broad filesystem scanning, exfiltration endpoint, AI-agent control-surface mutation, persistence hook, or destructive install behavior found.
- Network endpoint is package-aligned gvproxy dependency download from GitHub releases, not arbitrary command-output exfiltration.
Source & flagged code
4 flagged · loading sourceSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L6640Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L498