AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established by source inspection. Risky primitives are part of an advertised AI-agent CLI and are user-invoked rather than install-time or hidden.
Decision evidence
public snapshot
- dist/cli.js exposes an AI-agent CLI with user-invoked tool/agent orchestration and bot-channel hosting.
- dist/cli.js stores user-supplied Telegram/Discord tokens locally in ~/.oriro/channels.json when `oriro channels add` is run.
- skills/web-artifacts-builder/scripts/init-artifact.sh contains user-invoked npm/pnpm install commands for project scaffolding.
- package.json has no install/preinstall/postinstall hook; prepublishOnly is publisher-side only.
- Scanner reverse-shell/exfil hits in dist/cli.js are Guardian regex rules that block those behaviors, not executed payloads.
- Network use is package-aligned: LLM routers, avatar fetches, Discord/Telegram validation, and user-started channels.
- Shell-outs found are bounded/user-facing helpers such as audio playback and Vercel CLI execFile, not hidden install-time execution.
- skills/technical/api-builder/SKILL.md contains example API/JWT text, not a live secret used by code.
- Entrypoint only registers commands and starts the REPL on explicit CLI execution.
Source & flagged code
12 flagged
- Package contains a critical-looking secret pattern. (skills/technical/api-builder/SKILL.md · L94)
- Supabase service role key (JWT) in skills/technical/api-builder/SKILL.md (skills/technical/api-builder/SKILL.md · L94)
- Source appears to send environment or credential material to an external endpoint. (dist/cli.js · L8)
- Source executes local commands and sends command output to an external endpoint. (dist/cli.js · L8)
- Source matches reverse-shell style process and socket wiring. (dist/cli.js · L8)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/cli.js · L8)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli.js · L8)
- Package source invokes a package manager install command at runtime. (skills/craft/vercel-optimize/lib/vercel.mjs · L15)
- Package ships non-JavaScript build or shell helper files. (skills/model-usage/scripts/test_model_usage.py)
- Package ships high-entropy non-source blobs. (skills/theme-factory/theme-showcase.pdf)