AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a local Soloco daemon/CLI that can run local agent tools and sync after account authentication, but those behaviors are aligned with its stated function and mostly user/runtime-triggered.
Decision evidence
public snapshot- package.json defines postinstall: node postinstall.mjs
- postinstall.mjs can spawn dist/cli.js start on interactive global installs
- dist/cli.js contains runtime command spawning for agent CLIs
- dist/cli.js can sync authenticated syncable data to https://soloco.cloud
- postinstall.mjs gates auto-start to npm_config_global=true, TTY, non-CI, non-SSH, display, with SOLOCO_NO_AUTO_START opt-out
- No install-time credential/env/file harvesting or network calls found in postinstall.mjs
- dist/cli.js network endpoints are package-aligned account auth/cloud sync/update/local daemon routes
- runProcess strips known provider credentials and secret-shaped env vars before agent subprocesses
- runtime stdout/stderr is redacted before persistence/sync; telemetry defaults local_only
- Workspace access is user-invoked and constrained by allowed roots/protected-location checks
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource executes local commands and sends command output to an external endpoint.
dist/cli.jsView on unpkg · L30A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L30Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
postinstall.mjsView on unpkg · L17