AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Risky primitives are user-invoked and aligned with an AI quota automation CLI that runs local agents, schedules jobs, and sends configured notifications.
Decision evidence
public snapshot- package.json has no install/postinstall lifecycle hooks; CLI is only bin/main entrypoint.
- dist/cli/index.js auth runs `claude setup-token` only under explicit `afterburner auth` and stores token locally.
- Network use is package-aligned: npm update check, ntfy/Telegram notifications, npm registry lookup.
- Scheduler/statusline persistence is explicit user-invoked setup, with prompts/backups, not install-time mutation.
- Agent and verify command execution is core documented functionality for running user-configured repos/tasks.
- README.md discloses no telemetry and describes local agent, scheduler, notification, and PR workflow.
Source & flagged code
7 flagged · loading sourceSource executes local commands and sends command output to an external endpoint.
dist/cli/index.jsView on unpkg · L70A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L70Package source references child process execution.
dist/cli/index.jsView on unpkg · L326A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L3084Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L2943Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L70