AI Security Review
scanned 8h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Install-time behavior locally patches an AgentDB dependency for compatibility, while Claude configuration changes require an explicit init command.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.cjs` at install time.
- `scripts/postinstall.cjs` locates reachable `agentdb` installs and copies missing `dist/src` directories into their legacy `dist` paths.
- The postinstall script performs only local AgentDB compatibility copying; it contains no network, shell, payload download, or credential collection.
- `augmentExports` is defined but not called; the lifecycle path invokes only `copySiblings`.
- Claude configuration writes are reached through explicit `swarmdo init`; `dist/src/commands/init.js` exposes `--no-global`.
- Registry fetches in `dist/src/services/registry-api.js` are explicit plugin-rating, analytics, health, and download-tracking functions, not install-time behavior.
Source & flagged code
17 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/init/statusline-generator.jsView on unpkg · L85Package source invokes a package manager install command at runtime.
dist/src/init/statusline-generator.jsView on unpkg · L222Source writes installer persistence such as shell profile or service configuration.
dist/src/init/statusline-generator.jsView on unpkg · L18Package source references dynamic require/import behavior.
dist/src/init/executor.jsView on unpkg · L272Package source references a known benign dynamic code generation pattern.
dist/src/commands/security.jsView on unpkg · L143A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/benchmarks/gaia-tools/grounded_query.js#virtual:normalized:round1View on unpkg · L49Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/src/memory/neural-package-bridge.jsView on unpkg · L38Package ships WebAssembly modules.
vendor/rabitq-wasm/swarmvector_rabitq_wasm_bg.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
plugins/swarmdo-metaharness/scripts/smoke.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.claude/skills/sdo-caveman-compress/scripts/benchmark.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/changelog/changelog.jsView on unpkgHardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L339Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L367Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L543