AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a local-first OrangeTree work-tracking app that can run Claude CLI, local services, updates, and cloud tunnel flows after user/runtime actions.
Decision evidence
public snapshot- package.json has no install/preinstall/postinstall lifecycle hooks; bin is user-invoked dist/bin/orangetree.js.
- dist/bin/orangetree.js starts/stops a local daemon, opens browser, and self-updates only on explicit orangetree update or /api/update local request.
- dist/server.js child_process use is package-aligned: Claude CLI auth/status/login, user-configured dev service commands, Newt tunnel, update helper.
- dist/server.js network use is local UI/cloud/tunnel/update functionality with configured or fixed endpoints, not hidden exfiltration.
- Remote mode has token/cloud-session gates, work-root checks, and local-console-only guards for setup/update/shutdown/tunnel controls.
- Persistent writes are app data/project state under .orangetree or user-selected project folders; no source found harvesting credentials for outbound exfiltration.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/bin/orangetree.jsView on unpkg · L87A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/bin/orangetree.jsView on unpkg · L87Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bin/orangetree.jsView on unpkg · L64