AI Security Review
scanned 4d ago · by lpm-firewall-aiSuspicious primitives are aligned with a local desktop app for managing Claude sessions and user-defined dev servers. No confirmed malicious attack surface was found by source inspection.
Decision evidence
public snapshot- dist/server.js spawns Claude CLI with CLAUDE_CONFIG_DIR for bot sessions.
- dist/server.js has optional cloud/onboarding/tunnel fetches to orangetree endpoints.
- dist/server.js can launch user-configured service commands with shell:true.
- dist/bin/orangetree.js can spawn daemon, browser opener, npm global update command on user CLI action.
- package.json has no install/preinstall/postinstall lifecycle hooks.
- README.md describes a local-first Claude session work-tracking app requiring a user-provided claude CLI.
- dist/bin/orangetree.js only starts daemon/update/status/stop from explicit bin invocation.
- dist/server.js binds local UI to 127.0.0.1 by default and uses local headers for local daemon calls.
- Cloud/tunnel behavior is config/onboarding driven, not automatic credential harvesting.
- No evidence of hidden payloads, obfuscation, import-time exfiltration, or destructive install-time behavior.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/bin/orangetree.jsView on unpkg · L87A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/bin/orangetree.jsView on unpkg · L87Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bin/orangetree.jsView on unpkg · L64