AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an explicit CLI for budget-gated AI agent automation, notifications, scheduling, and updates; risky primitives are user-invoked and aligned with documented functionality.
Decision evidence
public snapshot- dist/chunk-5AFOTJE7.js builds user-invoked Claude/Codex agent runs with child_process and git/gh commands.
- dist/cli/index.js update command can run npm/pnpm/yarn/bun global update, but only via `afterburner update`.
- dist/cli/index.js statusline/schedule/auth commands write user config or scheduler files after explicit CLI prompts/commands.
- package.json has no install/postinstall lifecycle hooks; bin entrypoints are manual CLI commands.
- dist/core/index.js only re-exports bundled core; no import-time execution observed.
- Notifier network use is package-aligned and configured: ntfy, Telegram, and npm registry update checks.
- Agent prompts treat task/issue text as untrusted data and use isolated worktrees plus review/default-branch checks.
- Secrets are read from documented env vars; ntfy token is only sent over https and agent env strips Anthropic API tokens.
- skill/SKILL.md is a thin wrapper for explicit afterburner requests, not automatic control-surface mutation.
Source & flagged code
8 flagged · loading sourceSource executes local commands and sends command output to an external endpoint.
dist/cli/index.jsView on unpkg · L70A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L70This package version adds a dangerous source file absent from the previous stored version.
dist/cli/index.jsView on unpkgPackage source references child process execution.
dist/cli/index.jsView on unpkg · L326A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L3073Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L2932Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L70