AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious install-time or import-time attack surface was found. The package is a user-invoked AI coding agent CLI with high-risk auto-approved file and command capabilities by default when run.
Decision evidence
public snapshot- apps/cli/dist/index.cjs sets nonInteractive auto-approval to allow read/write/MCP/execute and allowedCommands ['*'] when approval is not required.
- apps/cli/dist/index.cjs loads a bundled Roo extension and bridges prompts to provider-backed agent tools over the user's workspace.
- apps/cli/dist/index.cjs upgrade command runs `sh -c` with curl-piped installer from raw.githubusercontent.com.
- package.json has no install/preinstall/postinstall lifecycle hooks; bin is user-invoked `roo`.
- API keys are read from CLI flags or provider env vars for configured LLM providers, not harvested broadly or exfiltrated in reviewed code.
- File writes target CLI settings/storage, extension mock storage, task workspace actions, or explicit upgrade flow.
- apps/cli/extension/wasm_exec_node.js is standard Go wasm runner scaffolding, not an install/import payload.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version.
apps/cli/dist/index.cjsView on unpkgPackage source references child process execution.
apps/cli/dist/index.cjsView on unpkg · L18696Source exposes local file and command tools to a remote model endpoint.
apps/cli/dist/index.cjsView on unpkg · L160Package source references dynamic require/import behavior.
apps/cli/extension/wasm_exec_node.jsView on unpkg · L12Package ships WebAssembly modules.
apps/cli/extension/tree-sitter-elm.wasmView on unpkgPackage contains source files above the static scanner size ceiling.
apps/cli/extension/workers/countTokens.jsView on unpkg