AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package has powerful, disclosed sync features that can upload user data to Cosmos after user authentication and explicit commands or daemon enablement.
Decision evidence
public snapshot- Reads sensitive local sources when invoked: iMessage chat.db, browser history, Claude transcripts, shell history.
- User-enabled daemon/menu paths write LaunchAgent/app files and run periodic sync commands.
- Ships macOS CosmosSync.app binaries and CosmosSync.zip.
- package.json postinstall only runs `npm rebuild better-sqlite3 ... || true`; no install-time exfiltration found.
- bin/cosmos-mcp.js routes explicit subcommands; keychain/token writes occur only during provision/init/install-handler flows.
- Network calls are package-aligned to cosmos.polarity-lab.com APIs and documented in README.
- Sensitive data sync features are disclosed in README and require user commands/auth token; dry-run/status modes exist for some sources.
- No eval/vm/Function, credential harvesting beyond Cosmos key handling, prompt injection, or unconsented AI-agent config mutation found.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgManifest entrypoint contains risky behavior absent from dist/build output.
bin/cosmos-mcp.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
bin/cosmos-mcp.jsView on unpkg · L6Source writes installer persistence such as shell profile or service configuration.
dist/daemon/manage.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/auth/bootstrap.jsView on unpkg · L1Package ships compressed or archive-like blobs.
dist/CosmosSync.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
dist/CosmosSync.zipView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/settings/server.jsView on unpkg