AI Security Review
scanned 8h ago · by lpm-firewall-aiThe explicit TUI command can fetch and execute an unpinned external agent binary or pipe a remote installer into `sh`. It also imports local Codex/Claude provider credentials into a package-owned agent configuration.
Decision evidence
public snapshot- `dist/bin/yue-cli.js` downloads a latest-release `omp` binary, chmods it, then executes it.
- `dist/bin/yue-cli.js` falls back to `curl -fsSL https://omp.sh/install | sh` from the `tui` command.
- `dist/bin/yue-cli.js` reads `~/.codex/config.toml` and `~/.claude/settings.json`, including configured API tokens.
- Detected provider data, including API keys when present, is written to `~/.yue-cli/agent/models.yml` for the spawned agent.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook executes on consumers.
- Remote installation and agent setup occur only after explicit `yue-cli tui`/`yue` invocation.
- No package code sends harvested config contents to an attacker-controlled endpoint.
- Agent files are package-owned under `~/.yue-cli`; no foreign AI-agent config is modified.
Source & flagged code
7 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/bin/yue-cli.jsView on unpkg · L6115Source downloads or fetches remote code and executes it.
dist/bin/yue-cli.jsView on unpkg · L71Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/bin/yue-cli.jsView on unpkg · L6075Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bin/yue-cli.jsView on unpkg · L71Package source references dynamic require/import behavior.
bin/yue-cli.mjsView on unpkg · L5