AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No concrete malicious install-time or stealth behavior was found. The remaining risk is an explicit first-party agent-extension lifecycle capability: user-run marketplace/archive skills commands can populate Claude Code skills from a Neetru GitHub repo.
Decision evidence
public snapshot- dist/commands/marketplace.js clones https://github.com/Neetru/neetru-libs.git and installs skills into ~/.claude/skills via explicit marketplace command.
- dist/lib/ai/auth-discovery.js reads Claude/Codex/Gemini credential files and env vars; dist/commands/auth.js can copy extracted API keys to Neetru config on auth pull/setup.
- dist/commands/code.js sends selected cwd file context to /api/cli/v1/ai/chat and can apply AI-proposed patches with confirmation or --yes.
- package.json has only prepublishOnly; no preinstall/install/postinstall runtime hook.
- dist/index.js only registers commander subcommands; risky actions are user-invoked, not import/install-time.
- dist/lib/code-agent-files.js constrains reads to cwd, rechecks realpath symlinks, blocks secret-looking paths, and redacts secret-like lines.
- dist/lib/config.js and dist/lib/url-allowlist.js restrict neetruApiUrl to Neetru/localhost unless explicit override is used, with warnings.
- dist/lib/telemetry.js is default-off and sends command metadata/installId only when telemetry.enabled is true.
- Shell/process execution is aligned with CLI features: git, npm, docker, tar, gcloud, browser open, and git apply for user-requested workflows.
Source & flagged code
7 flagged · loading sourcePackage contains a possible secret pattern.
dist/lib/db-pipeline/rehearse.jsView on unpkg · L68Hardcoded password in dist/lib/db-pipeline/rehearse.js
dist/lib/db-pipeline/rehearse.jsView on unpkg · L73Package source references child process execution.
dist/lib/code-agent-files.jsView on unpkg · L2Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/commands/bootstrap.jsView on unpkg · L8Package source invokes a package manager install command at runtime.
dist/lib/ai/auth-discovery.jsView on unpkg · L284This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/code.jsView on unpkg