AI Security Review
scanned 6h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The package is an explicit AI-agent automation CLI with guarded setup commands that can mutate first-party Claude/Afterburner config and run local agent workflows when the user enables them.
Decision evidence
public snapshot- dist/cli/index.js registers user commands that install scheduler artifacts and Claude/Codex integrations.
- dist/cli/index.js statusline install edits Claude settings and can append a shell rc prompt block after confirmation.
- dist/cli/index.js skill install copies bundled skill/SKILL.md into ~/.claude/skills/afterburner.
- dist/chunk-5O7MBC45.js runs claude/codex, git, gh, setup and verify commands on configured repos.
- dist/cli/index.js can send configured notifications to Telegram and ntfy over HTTPS.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Risky actions are CLI subcommands or live backend behavior, not install-time execution.
- Tokens are prompted/read from env for auth and notification setup; code masks Claude setup-token output and stores token mode 0600.
- Ntfy token is only sent to HTTPS servers; Telegram token goes to configured Telegram API base only if HTTPS.
- Agent prompts explicitly mark task/issue text and verify output as untrusted data.
- No evidence of hidden payload download, stealth persistence, credential harvesting, or unconsented broad agent control mutation.
Source & flagged code
7 flagged · loading sourceSource executes local commands and sends command output to an external endpoint.
dist/cli/index.jsView on unpkg · L79A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L79Package source references child process execution.
dist/cli/index.jsView on unpkg · L344A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L3203Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L3050Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L79