AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is confirmed. Explicit `yue-cli agent` use can download and shell-execute the OMP installer, import local AI-agent credentials into Yue's agent configuration, and launch a capable agent extension.
Decision evidence
public snapshot- `dist/bin/yue-cli.js` runs `curl -fsSL https://omp.sh/install | sh` when explicit `agent` use cannot find `omp`.
- `dist/bin/yue-cli.js` reads `~/.codex/config.toml` and `~/.claude/settings.json`, including configured bearer/auth tokens.
- The `agent` command writes detected LLM settings to `~/.yue-cli/agent/models.yml` and launches the Oh My Pi agent with a package extension.
- `.yue-cli/extensions/yue-tools.ts` exposes an agent tool that can execute arbitrary `yue` subcommands after agent approval.
- `package.json` has no `preinstall`, `install`, or `postinstall`; its only lifecycle hook is `prepublishOnly`.
- `bin/yue-cli.mjs` only imports the CLI bundle when the user invokes a package binary.
- Credential reads and agent-home writes occur only inside the explicit `agent` command path.
- No source evidence sends harvested LLM credentials to a package-controlled remote endpoint or performs hidden install-time persistence.
Source & flagged code
5 flagged · loading sourceSource downloads or fetches remote code and executes it.
dist/bin/yue-cli.jsView on unpkg · L40Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bin/yue-cli.jsView on unpkg · L40Package source references dynamic require/import behavior.
bin/yue-cli.mjsView on unpkg · L5