AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious install-time or import-time attack surface was found. The package contains broad Treeseed workflow/deployment automation, but the risky operations are exposed as SDK/CLI functions rather than unconsented lifecycle behavior.
Decision evidence
public snapshot- Powerful Treeseed workflow code can run git/npm/cloud provider actions and write project config when invoked.
- dist/managed-dependencies.js can download GitHub CLI from github.com and run npm install/rebuild for Treeseed tool dependencies.
- dist/operations/services/config-runtime.js writes Treeseed machine/config files and gitignore entries during config/finalize flows.
- package.json has no postinstall/install hook; prepare points to missing scripts/prepare.ts in the packed artifact, while shipped dist/scripts/prepare.js only runs build:dist and is not the declared hook.
- No evidence of lifecycle-triggered writes to foreign AI-agent control surfaces such as CLAUDE.md, .mcp.json, Cursor/Codex settings, or home agent skills.
- dist/verification.js is a declared user-invoked bin that runs local verification/act workflows and writes temp workflow/lock files.
- Network endpoints are package-aligned release/deployment checks or managed tool downloads; credentials are Treeseed/GitHub/Cloudflare/Railway envs used by explicit operations.
- Scanner eval hit in dist/platform-operation-store.js is database exec, not JS eval.
- README and exports describe an SDK for Treeseed content, workflow, deployment, and agent runtime objects.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/scenes/render-media-assets.jsView on unpkg · L2Package source references a known benign dynamic code generation pattern.
dist/platform-operation-store.jsView on unpkg · L173Package source references dynamic require/import behavior.
dist/scenes/seed.jsView on unpkg · L21Package source references weak cryptographic algorithms.
dist/platform/book-export.jsView on unpkg · L132This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/workflow/operations.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/workflow/operations.jsView on unpkg · L4212Package source invokes a package manager install command at runtime.
dist/managed-dependencies.jsView on unpkg · L472