AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Risky primitives are user-invoked CLI features for scaffolding, package install, project build/test/start, registry operations, and local project file generation.
Decision evidence
public snapshot- dist/commands/registry.js publishes a user-supplied manifest/tarball with STREET_REGISTRY_TOKEN to a configured registry.
- dist/commands/add.js and dist/commands/create.js can run npm install, but only from explicit CLI flags/commands.
- dist/commands/verify.js executes a user-supplied verification command when explicitly invoked.
- package.json has no preinstall/install/postinstall; only prepublishOnly for publisher build verification.
- bin/street.js only imports reflect-metadata and dispatches runCli; no import-time network or mutation found.
- dist/commands/create.js credential/env references are generated starter templates/examples, not host secret collection or exfiltration.
- dist/commands/registry.js verifies manifest signature/checksum and tarball sha256 before writing plugin downloads.
- child_process use in dev/build/start/test/audit is explicit CLI behavior for running project tools.
- No AI-agent control-surface writes, obfuscation, eval payloads, or hidden persistence found.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
dist/commands/start.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
dist/commands/test.jsView on unpkg · L73Source appears to send environment or credential material to an external endpoint.
dist/commands/create.jsView on unpkg · L398A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/commands/create.jsView on unpkg · L398Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/commands/generate.jsView on unpkg · L94