AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a bundled Cline-style autonomous coding agent CLI with expected runtime access to files, shell, plugins, MCP, provider APIs, telemetry, and optional updates when invoked by the user.
Decision evidence
public snapshot- README.md advertises powerful coding-agent behavior including file edits, shell commands, MCP, and YOLO auto-approval.
- dist/index.mjs contains user-invoked plugin, MCP, skill, update, worktree, dashboard, and agent runtime commands.
- dist/index.mjs has guarded auto-update via CLINE_AUTO_UPDATE_ON_STARTUP and explicit update command that can run package-manager installs.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- dist/index.cjs only dynamically imports dist/index.mjs and calls runCli as the CLI entrypoint.
- Dangerous primitives are runtime CLI features documented in README.md and activated by user commands or env flags, not import/install-time behavior.
- dist/extensions/plugin-sandbox-bootstrap.js loads declared Cline plugins through IPC and validates manifests; no hardcoded exfiltration endpoint found.
- Network endpoints found are package-aligned Cline, npm registry, model provider, telemetry, and user-configured MCP/provider URLs.
- No evidence of credential harvesting beyond user-supplied provider/API keys for the coding agent workflow.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/index.cjsView on unpkg · L1Package ships WebAssembly modules.
dist/tree-sitter-markdown_inline-j5349f42.wasmView on unpkgPackage contains source files above the static scanner size ceiling.
dist/index.mjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/index.mjsView on unpkg