AI Security Review
scanned 2h ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time behavior was found. Runtime capabilities are those of an interactive AI agent CLI and are user-invoked, with Guardian rules intended to detect dangerous shell/network patterns.
Decision evidence
public snapshot

- dist/cli.js has explicit user commands that can fetch/import agent definitions from a URL and run saved agents.
- dist/cli.js has an optional `agents cron --apply` command that writes an OS scheduler entry.
- dist/cli.js ships many network-capable integrations and model/router endpoints.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build/test/smoke.
- dist/cli.js scanner reverse-shell/exfil hits are Guardian regex rules that block such commands, not executed attack code.
- dist/cli.js network endpoints are user-selected routers/channels/connectors or ORIRO assets, not hidden exfil sinks.
- dist/cli.js writes state under ~/.oriro and project AGENTS.md only via explicit CLI/chat commands.
- skills/craft/uipm-design-system/scripts/generate-tokens.cjs only reads a token JSON and writes generated CSS/Tailwind output when invoked.
- skills/technical/api-builder/SKILL.md contains example API key/JWT text, not an active secret or code path.
Source & flagged code
17 flagged

- Package contains a critical-looking secret pattern.
  skills/technical/api-builder/SKILL.md, line 94
- Supabase service role key (JWT) in skills/technical/api-builder/SKILL.md
  skills/technical/api-builder/SKILL.md, line 94
- Source appears to send environment or credential material to an external endpoint.
  dist/cli.js, line 69
- Source executes local commands and sends command output to an external endpoint.
  dist/cli.js, line 69
- Source matches reverse-shell style process and socket wiring.
  dist/cli.js, line 69
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
  dist/cli.js, line 69
- Source reaches cloud instance metadata or link-local credential endpoints.
  dist/cli.js, line 69
- Source writes installer persistence such as shell profile or service configuration.
  dist/cli.js, line 69
- Package source references dynamic require/import behavior.
  skills/craft/uipm-design-system/scripts/generate-tokens.cjs, line 9
- Package source references weak cryptographic algorithms.
  skills/impeccable/scripts/live-svelte-component.mjs, line 20
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
  skills/impeccable/scripts/live-server.mjs, line 15
- Package source invokes a package manager install command at runtime.
  skills/craft/vercel-optimize/lib/vercel.mjs, line 15
- Package ships non-JavaScript build or shell helper files.
  skills/model-usage/scripts/test_model_usage.py
- Package ships high-entropy non-source blobs.
  skills/theme-factory/theme-showcase.pdf
- Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
  skills/uipm-ui-styling/scripts/tests/test_shadcn_add.py