AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found by source inspection. Dangerous primitives are explicit AI-agent platform features activated by user commands or plugin setup, with visible sandbox/network/file boundaries.
Decision evidence
public snapshot- package.json has no install/postinstall hook; prepublishOnly only runs before publishing.
- bin/tianshu.mjs is a minimal CLI shim importing packages/server/dist/cli.js.
- plugins/web-search/dist/tools/web-fetch.js explicitly blocks localhost, private ranges, link-local, and metadata hosts before fetch and after redirect.
- plugins/openshell/dist/runner/openshell-runner.js provides user-invoked sandbox exec/file sync with path traversal checks, not install-time execution.
- packages/server/dist/setup/start-server.js/launchd.js write .env and launchd plist only through setup/start flows with prompts/status handling.
- plugins/wechat/dist/ilink-media.js uploads user-supplied media to WeChat/iLink endpoints as channel functionality.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/tianshu.mjsView on unpkg · L29Package source references weak cryptographic algorithms.
plugins/wechat/dist/ilink-media.jsView on unpkg · L18Source writes installer persistence such as shell profile or service configuration.
packages/server/dist/setup/start-server.jsView on unpkg · L21Source reaches cloud instance metadata or link-local credential endpoints.
plugins/web-search/dist/tools/web-fetch.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version.
plugins/openshell/dist/runner/openshell-runner.jsView on unpkg