AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface. The package is a local-first OrangeTree server/CLI with explicit AI-agent orchestration, remote pairing, update, and tunnel features gated by runtime configuration or local API actions.
Decision evidence
public snapshot
- dist/server.js runs Claude/Codex agents and configured service commands on API actions
- dist/server.js can download pinned Newt tunnel binary and contact cloud APIs when remote mode is configured
- dist/bin/orangetree.js spawns a detached local daemon and supports self-update via global npm install
- package.json has no install/preinstall/postinstall lifecycle hooks
- dist/bin/orangetree.js default action starts/opens a local daemon, not hidden import-time malware
- dist/server.js binds local mode to 127.0.0.1 and gates remote APIs with token/cloud session auth
- agent, shell, update, tunnel, and report behavior is product-aligned and user/API invoked
- network hosts are registry.npmjs.org, github.com/fosrl/newt, api.orangetree.dev/orangetree.dev, or configured cloud URLs
- no credential harvesting or exfiltration beyond explicit bot login/profile and cloud pairing flows found
Source & flagged code
6 flagged
- Package source references child process execution.
  dist/bin/orangetree.js · L87
- A single source file combines environment access, network access, and code or shell execution; review context before blocking.
  dist/bin/orangetree.js · L87
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
  dist/bin/orangetree.js · L64
- Package contains source files above the static scanner size ceiling.
  dist/public/mermaid.js
- This package version adds a dangerous source file absent from the previous stored version.
  dist/server.js