AI Security Review
scanned 11d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code mutates GoodVibes AI-agent control surfaces in the user's home directory. The global GOODVIBES.md file contains mandatory behavioral directives, so installing the npm package changes future agent behavior without a separate user invocation.
Decision evidence
public snapshot- package.json defines preinstall and postinstall lifecycle hooks.
- scripts/postinstall.js runs at install and copies bundled .goodvibes files into the user's home directory.
- scripts/postinstall.js writes .goodvibes/GOODVIBES.md to ~/.goodvibes/GOODVIBES.md, a global AI-agent instruction surface.
- .goodvibes/GOODVIBES.md contains mandatory directives controlling agent planning, tool use, and workflow behavior.
- .goodvibes/agents/reviewer.md and .goodvibes/skills/add-provider/SKILL.md are installed into ~/.goodvibes/tui agent/skill directories without an explicit user command.
- scripts/postinstall.js also downloads and installs executable release binaries into vendor/ during install.
- Binary download is package-aligned to the package GitHub release path and checks a SHA256SUMS file from the same release URL.
- No credential harvesting or off-host secret exfiltration was confirmed in inspected lifecycle files.
- Bundled reviewer/add-provider content is not itself an obvious secret stealer or destructive payload.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a possible secret pattern.
src/panels/builtin/session.tsView on unpkg · L35Package source references child process execution.
bin/launcher-support.jsView on unpkg · L2Package source references dynamic require/import behavior.
src/input/commands/hooks-runtime.tsView on unpkg · L120A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/verification/live-verifier.tsView on unpkg · L89Source writes persistence or remote-access backdoor material.
src/runtime/sandbox-public-gaps.tsView on unpkg · L2Package ships non-JavaScript build or shell helper files.
scripts/check-bun.shView on unpkgHardcoded password in src/runtime/onboarding/apply.ts
src/runtime/onboarding/apply.tsView on unpkg · L91