AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a user-invoked Lumine/Twinkle CLI that performs platform API calls, workspace sync, asset upload, and diagnostics after explicit commands.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the lumine CLI command.
Impact
Expected project files, .twinkle metadata, auth file, assets manifest, and platform build state may be read or changed by explicit user commands.
Mechanism
Authenticated CLI for Twinkle build/workspace operations.
Rationale
Static inspection shows no install-time execution, credential exfiltration, stealth persistence, destructive behavior, or unconsented AI-agent control-surface mutation. The flagged primitives are aligned with an authenticated CLI for Twinkle/Lumine build management and are activated by user commands.
Evidence
package.jsonbin/lumine.jslib/commands.jslib/auth.jslib/http.jslib/api.jslib/workspace.jslib/assets.jslib/doctor.jslib/constants.js~/.twinkle/lumine-cli-auth.json.twinkle/lumine-project.json.twinkle/assets.jsonAGENTS.mdCLAUDE.mdTWINKLE_BUILD_SDK.md
Network endpoints4
api.twinkle.networkwww.twin-kle.compreview.lumine.appregistry.npmjs.org
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- lib/auth.js can spawn OS browser opener during explicit login command.
- lib/doctor.js dynamically requires Playwright from LUMINE_PLAYWRIGHT_MODULE or playwright for explicit doctor browser probe.
- lib/workspace.js and lib/assets.js write/delete workspace metadata and project files during user-invoked CLI commands.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks; only bin is bin/lumine.js.
- bin/lumine.js only dispatches to lib/commands.js after user CLI invocation.
- Network calls are Twinkle/Lumine platform API, preview, site, npm registry, or presigned asset upload URLs controlled by explicit commands/options.
- Auth token is read from TWINKLE_AUTH_TOKEN or ~/.twinkle/lumine-cli-auth.json and sent as Authorization to configured API, with no unrelated harvesting loop.
- No eval/vm/remote payload execution found; dynamic require is limited to optional Playwright loading for doctor probe.
- Workspace writes are bounded to selected project directories using path resolution and metadata checks, not broad agent control-surface mutation at install time.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcelib/doctor.jsView file
431async function loadHdr(url) {
L432: const { RGBELoader } = await import('/build/vendor/three/0.184.0/addons/loaders/RGBELoader.js');
L433: const texture = await new Promise((resolve, reject) => {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
lib/doctor.jsView on unpkg · L431lib/commands.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @stage5/lumine@0.2.6
matchedIdentity = npm:QHN0YWdlNS9sdW1pbmU:0.2.6
similarity = 0.545
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/commands.jsView on unpkgFindings
1 High3 Medium5 Low
HighPrevious Version Dangerous Deltalib/commands.js
MediumDynamic Requirelib/doctor.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License