AI Security Review
scanned 5h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a user-invoked AI coding CLI whose file and shell capabilities are aligned with its stated purpose; it shows no lifecycle-triggered persistence and no hijacking of another agent's control surface.
Decision evidence
public snapshot
- dist/core/tools.js exposes model-invoked write_file and run_command tools during CLI sessions
- dist/tools/shell.js defines a shell tool using child_process execFile
- dist/core/insforge.js runs the user-session setup command `npx @insforge/cli link` when the InsForge config is missing
- package.json has no preinstall/install/postinstall hook; its only lifecycle scripts are the publish-time prepublishOnly/prepack build steps, which never run on a consumer's machine
- dist/cli/index.js only registers user-invoked `zoe` commands
- dist/core/insforge.js reads InsForge config and fetches declared API-key secrets for OpenRouter use
- dist/core/agent.js sends chat requests to OpenRouter with package-aligned headers
- No writes to Claude/Codex/Cursor/MCP or other foreign AI-agent control surfaces found
- No credential harvesting beyond configured InsForge/OpenRouter flow found
Source & flagged code
4 flagged
- Package source references child process execution.
  dist/tools/shell.js · L2
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
  dist/core/insforge.js
- Package source invokes a package manager install command at runtime.
  dist/core/insforge.js · L48
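The two checks that separate the evidence list from the flags above, namely whether package.json carries a hook that runs on the consumer's machine at install time and where the shipped source reaches child_process or a package manager, can be reproduced with a short triage pass. The script below is an added example, not lpm-firewall-ai's scanner and not the reviewed package's code; the package.json object and the source strings are constructed to mirror the evidence above (the file paths are reused only as labels), and the hook sets and regular expressions are the example's own assumptions about what counts as install-time versus publish-time and what counts as process execution.

```javascript
// Added triage example (not the scanner's or the package's own code).
// 1. Classify package.json scripts: consumer-install hooks vs publish-time hooks.
// 2. Scan shipped source for child_process use and package-manager invocations.

// Scripts npm runs on the *consumer's* machine when the package is installed as
// a dependency. `prepare` fires only for git dependencies, not registry tarballs.
const INSTALL_HOOKS = new Set(["preinstall", "install", "postinstall", "prepare"]);
// Scripts that run only on the *publisher's* machine during pack/publish.
const PUBLISH_HOOKS = new Set([
  "prepublish", "prepublishOnly", "prepack", "postpack", "publish", "postpublish",
]);

// A require/import of child_process, or a call to one of its exec functions.
const CHILD_PROCESS_RE =
  /\b(?:node:)?child_process\b|\b(?:execFile|execFileSync|exec|execSync|spawn|spawnSync|fork)\s*\(/;
// A package-manager command string embedded in source, e.g. `npx @scope/cli link`.
const PKG_MANAGER_RE = /\b(?:npx|npm|pnpm|yarn)\s+[^"'`\n;]+/;

function classifyScripts(scripts = {}) {
  const installHooks = [];
  const publishHooks = [];
  for (const name of Object.keys(scripts)) {
    if (INSTALL_HOOKS.has(name)) installHooks.push(name);
    else if (PUBLISH_HOOKS.has(name)) publishHooks.push(name);
  }
  return { installHooks, publishHooks };
}

// sources: { "path/in/package.js": "file contents", ... }
function scanSources(sources) {
  const findings = [];
  for (const [file, text] of Object.entries(sources)) {
    text.split("\n").forEach((line, i) => {
      if (CHILD_PROCESS_RE.test(line)) {
        findings.push({ file, line: i + 1, kind: "child_process", match: line.trim() });
      }
      const pm = PKG_MANAGER_RE.exec(line);
      if (pm) {
        findings.push({ file, line: i + 1, kind: "package_manager", match: pm[0].trim() });
      }
    });
  }
  return findings;
}

function triagePackage(pkg, sources) {
  const { installHooks, publishHooks } = classifyScripts(pkg.scripts);
  const findings = scanSources(sources);
  return {
    installHooks,
    publishHooks,
    findings,
    // Any install-time hook is code execution on `npm install` of the dependency.
    // Without one, child_process and npx findings are runtime capability that has
    // to be judged against the package's stated purpose (source-aware review).
    lifecycleTriggered: installHooks.length > 0,
  };
}

// Constructed sample input modelled on the evidence above; not the real files.
const SAMPLE_PACKAGE_JSON = {
  name: "example-ai-cli", // hypothetical name
  scripts: { build: "tsc", prepublishOnly: "npm run build", prepack: "npm run build" },
};
const SAMPLE_SOURCES = {
  "dist/tools/shell.js": [
    '"use strict";',
    'const { execFile } = require("node:child_process");',
    "module.exports = { run: (cmd, args) => execFile(cmd, args) };",
  ].join("\n"),
  "dist/core/insforge.js": [
    'const { execSync } = require("node:child_process");',
    "function ensureLinked(cfg) {",
    '  if (!cfg) execSync("npx @insforge/cli link", { stdio: "inherit" });',
    "}",
  ].join("\n"),
};

const sampleResult = triagePackage(SAMPLE_PACKAGE_JSON, SAMPLE_SOURCES);
console.log(JSON.stringify(sampleResult, null, 2));
```

On the constructed sample the result has no install hooks (`lifecycleTriggered: false`), two publish-time hooks, four child_process hits across the two files, and one package-manager invocation at dist/core/insforge.js line 3 with the command `npx @insforge/cli link`; swapping in a package.json with a `postinstall` script flips `lifecycleTriggered` to true, which is the distinction the verdict above rests on.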