AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Install-time behavior only restores executable permission on the package dependency's `node-pty` helper. Runtime configuration, shell integration, Claude status-line setup, network imports, and command execution are explicit CLI/workspace actions.
Decision evidence
public snapshot- `scripts/postinstall.mjs` only chmods node-pty's local `spawn-helper` to 0755.
- Postinstall has no network, shell execution, credential reads, or agent-config mutation.
- `dist/cli/index.js` Claude and shell setup is reached only through interactive `ovr bootstrap` confirmations.
- Remote fetch accepts a user-entered bootstrap import URL; no hard-coded collection endpoint exists.
- Dynamic import loads only a repository's explicit `ovr.config.*` during CLI use.
- Secret, port, and environment registries store workspace state under the package config directory; no exfiltration path found.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource writes persistence or remote-access backdoor material.
dist/cli/index.jsView on unpkg · L39A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L39This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/index.jsView on unpkgPackage source references dynamic require/import behavior.
dist/cli/index.jsView on unpkg · L141Package source references weak cryptographic algorithms.
dist/cli/index.jsView on unpkg · L39