AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. Risky primitives are user-invoked and aligned with a terminal AI-agent CLI, channel integrations, local state, and bundled skills.
Decision evidence
public snapshot
- dist/cli.js is a terminal AI-agent CLI that can run user-requested workflows through imported Pi agent dependencies.
- dist/cli.js stores user-supplied Telegram/Discord channel tokens in local ~/.oriro/channels.json when `oriro channels add` is invoked.
- Bundled skills include many operational instructions and a PDF/blob, increasing review surface.
- package.json has no install/postinstall lifecycle; only prepublishOnly for publisher-side build/test/smoke checks.
- Scanner reverse-shell/exfil hits in dist/cli.js are defensive Guardian regex rules, not executed payloads.
- Network calls are package-aligned: router validation to AI APIs, avatar fetch from oriro.ai, and user-invoked Discord/Telegram validation.
- Shell use found is execFile/spawn for Vercel helper or local audio playback, with fixed commands/argument arrays.
- README.md describes the same AI-agent, Guardian, channels, and local journal behavior exposed by dist/cli.js.
- No native binaries or install-time droppers found in the package root.
Source & flagged code
12 flagged
- Package contains a critical-looking secret pattern. (skills/technical/api-builder/SKILL.md, L94)
- Supabase service role key (JWT) in skills/technical/api-builder/SKILL.md. (skills/technical/api-builder/SKILL.md, L94)
- Source appears to send environment or credential material to an external endpoint. (dist/cli.js, L8)
- Source executes local commands and sends command output to an external endpoint. (dist/cli.js, L8)
- Source matches reverse-shell style process and socket wiring. (dist/cli.js, L8)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/cli.js, L8)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli.js, L8)
- Package source invokes a package manager install command at runtime. (skills/craft/vercel-optimize/lib/vercel.mjs, L15)
- Package ships non-JavaScript build or shell helper files. (skills/model-usage/scripts/test_model_usage.py)
- Package ships high-entropy non-source blobs. (skills/theme-factory/theme-showcase.pdf)