AI Security Review
scanned 1h ago · by lpm-firewall-ai
No confirmed malicious attack surface is established. Risky primitives are tied to documented, user-invoked CLI features for project setup, browser opening, token-authenticated Principal ADE APIs, local bridge handoff, and viewer launch.
Decision evidence
public snapshot
- dist/commands/init.js can install husky and write .husky/pre-commit, but only when user runs principal-ai init without --no-husky.
- dist/commands/hooks.js can run npm install --save-dev husky and mutate .husky/pre-commit, gated by explicit hooks --init/--add commands.
- dist/commands/trail.js resolves GitHub tokens via gh/git credential and may pass TRAIL_GH_TOKEN to first-party @principal-ai/trail-viewer in remote mode.
- package.json has no preinstall/install/postinstall lifecycle scripts; prepack is publish-time build only.
- dist/index.js only wires commander subcommands and parses argv; no import-time install or network action found.
- Network calls are command-scoped and package-aligned: app.principal-ade.com APIs, api.github.com user lookup, and localhost bridge/collector endpoints.
- dist/commands/starred-collections.js uses GitHub token as Authorization only for Principal ADE starred-collections API after user invokes that command.
- dist/lib/open-url.js only spawns platform browser opener for user-facing URL open behavior.
- No evidence of credential harvesting, stealth persistence, destructive behavior, remote payload execution, or broad AI-agent control-surface mutation.
Source & flagged code
10 flagged
- Package source references child process execution. (dist/lib/open-url.js · L9)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (dist/commands/starred-collections.js)
- A single source file combines environment access, network access, and code or shell execution; review context before blocking. (dist/commands/starred-collections.js · L10)
- Hardcoded password in dist/commands/starred-collections.js (dist/commands/starred-collections.js · L39)
- Package source invokes a package manager install command at runtime. (dist/commands/hooks.js · L4)
- Package contains source files above the static scanner size ceiling. (dist/index.cjs)
- Package contains an oversized executable-looking CLI entrypoint. (dist/index.cjs)