AI Security Review
scanned 13d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. User-invoked installer mutates a Claude Code control surface to bypass permissions and trust Cloudflare token provisioning. This is a real AI-agent safety downgrade even though much of the system-install behavior is package-aligned.
Decision evidence
public snapshot- dist/permissions-seed.js writes brand-scoped .claude/settings.json with permissions.defaultMode="bypassPermissions".
- dist/permissions-seed.js autoMode allows Cloudflare token minting and token persistence under account secrets.
- dist/index.js installClaudeCode() invokes npm install -g @anthropic-ai/claude-code@latest and registers Claude marketplaces/plugins.
- dist/index.js runtime installer uses sudo/systemctl/crontab/chattr and writes services under the user/system environment.
- dist/index.js fetches package/deb keys and repos from registry.npmjs.org, dl.google.com, deb.nodesource.com, and debian.neo4j.com.
- package.json has no install/postinstall hook; activation is via user-run bin create-sitedesk-code or prepublishOnly for maintainers.
- Network and package-manager use is consistent with a system installer for SiteDesk/Claude-backed service stack.
- dist/index.js redacts secret-bearing shell logs and stores generated passwords locally under brand config paths.
- High-entropy blobs are public fonts/images and bundled web assets, not executed payloads in inspected evidence.
- No evidence found of credential harvesting from unrelated paths or exfiltration to attacker-controlled endpoints.
Source & flagged code
19 flagged · loading sourcePackage contains a possible secret pattern.
payload/platform/scripts/smoke-boot-services.shView on unpkg · L317A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/index.jsView on unpkg · L134Source downloads or fetches remote code and executes it.
dist/index.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L1Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L1066Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView on unpkgPackage ships non-JavaScript build or shell helper files.
payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView on unpkgPackage ships high-entropy non-source blobs.
payload/server/public/assets/cormorant-latin-ext-500-normal-AH9qog1s.woff2View on unpkgHardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.jsView on unpkg · L52Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L28Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L43Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L57Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L127Hardcoded password in payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.ts
payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.tsView on unpkg · L73