AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a CLI automation tool with powerful user-invoked operations, but no install-time execution or hidden exfiltration was identified.
Decision evidence
public snapshot- dist/cli/index.js has user-invoked commands that spawn tools such as claude, codex, git, gh, brew, launchctl, and package-manager update commands.
- dist/cli/index.js can write scheduler entries, Claude statusLine settings, shell rc prompt blocks, OAuth token files, and bundled Claude skill files when corresponding subcommands/prompts are used.
- dist/chunk-MYXWLJW7.js runs live AI agents against configured repos and can push/merge PRs when explicitly configured.
- package.json has no install/postinstall/preinstall lifecycle hooks; executable surface is bin-only.
- Default config/backend is dry-run, with live Codex and auto-merge requiring explicit opt-ins.
- Potentially dangerous behavior is documented and package-aligned: AI quota automation, scheduling, statusline, notifications, and self-update.
- Untrusted task text is passed via stdin/env and verification commands use execFile/argv splitting rather than shell strings in reviewed paths.
- Network use is aligned: npm update checks, ntfy notifications, GitHub/gh workflows, configured repo remotes.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version.
dist/chunk-MYXWLJW7.jsView on unpkgPackage source references child process execution.
dist/chunk-MYXWLJW7.jsView on unpkg · L527Source writes installer persistence such as shell profile or service configuration.
dist/chunk-MYXWLJW7.jsView on unpkg · L255A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L2849Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L2708