AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface is established. The package is an AI-agent CLI with user-invoked network/model/channel features and local ~/.oriro state, but no install-time execution or hidden exfiltration behavior was found.
Decision evidence
public snapshot
- package.json has no install/postinstall lifecycle; only prepublishOnly for publisher-side build/test/smoke.
- dist/cli.js scanner reverse-shell/exfil hits are Guardian regex rules that block dangerous commands, not active payloads.
- dist/cli.js bin starts an interactive ORIRO CLI and registers user-invoked commands; no import-time exfiltration found.
- Network calls are package-aligned: LLM router probes/chat, avatar fetch, and Telegram/Discord/WhatsApp channel features after user commands.
- Local writes are user configuration under ~/.oriro and temp avatar WAV files; no persistence or shell startup modification found.
- skills/technical/api-builder/SKILL.md contains illustrative API/JWT examples, not live credentials or executable code.
Source & flagged code
12 flagged
- Package contains a critical-looking secret pattern. (skills/technical/api-builder/SKILL.md · L94)
- Supabase service role key (JWT) in skills/technical/api-builder/SKILL.md. (skills/technical/api-builder/SKILL.md · L94)
- Source appears to send environment or credential material to an external endpoint. (dist/cli.js · L8)
- Source executes local commands and sends command output to an external endpoint. (dist/cli.js · L8)
- Source matches reverse-shell style process and socket wiring. (dist/cli.js · L8)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/cli.js · L8)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli.js · L8)
- Package source invokes a package manager install command at runtime. (skills/craft/vercel-optimize/lib/vercel.mjs · L15)
- Package ships non-JavaScript build or shell helper files. (skills/model-usage/scripts/test_model_usage.py)
- Package ships high-entropy non-source blobs. (skills/theme-factory/theme-showcase.pdf)