AI Security Review
scanned 1d ago · by lpm-firewall-ai

Global install executes an unpinned remote shell installer from swirls.ai, then copies the installed CLI binary into the package bin path. The package source itself does not show credential theft, AI-agent hijack, persistence, or destructive behavior.
Decision evidence
- package.json defines postinstall: node scripts/install.js
- scripts/install.js runs curl -fsSL https://swirls.ai/install | bash with shell:true
- Remote installer runs during global npm/Bun install outside CI and non-Windows
- scripts/install.js copies ~/.local/bin/swirls into package bin/swirls after remote install
- No package source writes Claude/Codex/Cursor/MCP control surfaces
- No credential harvesting, destructive file operations, persistence hooks, or exfiltration found in package files
- bin/swirls is a placeholder shell script that only prints reinstall guidance
- README documents global CLI install and supported platforms
Source & flagged code
7 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Source downloads or fetches remote code and executes it. (scripts/install.js, line 13)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (scripts/install.js, line 13)
- Package source references child process execution. (scripts/install.js, line 13)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (scripts/install.js, line 13)