AI Security Review
scanned 8d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package has install-time behavior that downloads package binaries and installs bundled GoodVibes skills/agents into a GoodVibes home namespace. This is an agent-extension lifecycle risk, but not confirmed malicious control hijack because it stays in the package-owned namespace.
Decision evidence
public snapshot- package.json defines install hooks: preinstall runs scripts/check-bun.sh and postinstall runs bun scripts/postinstall.js.
- scripts/postinstall.js runs during install and copies bundled .goodvibes/skills, .goodvibes/agents, and .goodvibes/GOODVIBES.md into ~/.goodvibes.
- scripts/postinstall.js downloads release binaries from GitHub release URLs by default and writes them under package vendor/.
- Lifecycle deployment is unprompted, but the destination is the package-owned ~/.goodvibes namespace rather than another agent's control surface.
- scripts/check-bun.sh only validates Bun availability and exits with user-facing install text.
- Downloaded binaries are package-aligned release artifacts and SHA256SUMS.txt is fetched and checked before installing vendor binaries.
- postinstall skips existing home skill/agent files instead of overwriting them.
- No evidence found in inspected lifecycle files of credential harvesting, broad home/project agent config mutation, shell startup persistence, or exfiltration.
Source & flagged code
16 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a possible secret pattern.
src/panels/builtin/session.tsView on unpkg · L35Package source references child process execution.
bin/launcher-support.jsView on unpkg · L2Source file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/launcher-support.jsView on unpkgPackage source references dynamic require/import behavior.
src/input/commands/hooks-runtime.tsView on unpkg · L120A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/verification/live-verifier.tsView on unpkg · L89Source writes persistence or remote-access backdoor material.
src/runtime/sandbox-public-gaps.tsView on unpkg · L2Package ships non-JavaScript build or shell helper files.
scripts/check-bun.shView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/input/commands/platform-sandbox-qemu.tsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/cli/completions/generate.tsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/cli/help.tsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/runtime/sandbox-qemu-templates.tsView on unpkgHardcoded password in src/runtime/onboarding/apply.ts
src/runtime/onboarding/apply.tsView on unpkg · L91