AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package contains broad deployment, verification, managed dependency, and agent-platform SDK capabilities, but inspected behavior is user-invoked and package-aligned rather than hidden lifecycle hijack or exfiltration.
Decision evidence
public snapshot- package.json has a prepare hook: node --import tsx ./scripts/prepare.ts.
- dist/scripts/prepare.js runs npm run build:dist via spawnSync when not skipped.
- dist/managed-dependencies.js can download GitHub CLI, run npm install/rebuild, and install gh-act when installTreeseedDependencies is invoked.
- dist/plugin-default.js advertises agent execution providers including copilot and codex.
- dist/index.js and dist/operations.js are export/import aggregators; no install-time or import-time credential harvesting observed.
- No .mcp.json, CLAUDE.md, .claude, Cursor, Codex settings, or foreign AI-agent control-surface writes found.
- Runtime file writes are package/project-aligned, e.g. .treeseed/config/machine.yaml and .gitignore via user-invoked config helpers.
- Network endpoints are Treeseed, GitHub, Cloudflare, Railway, Docker, npm/PyPI/crates/Hex, and localhost endpoints consistent with SDK/deploy tooling.
- Service credential handling maps TREESEED_* env vars to tool env vars; no exfiltration sink or unrelated collection found.
- Verification/bin code runs local tools and temp workflows only when invoked as treeseed-sdk-verify or exported APIs.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/scenes/render-media-assets.jsView on unpkg · L2Package source references a known benign dynamic code generation pattern.
dist/platform-operation-store.jsView on unpkg · L173Package source references dynamic require/import behavior.
dist/scenes/seed.jsView on unpkg · L21Package source references weak cryptographic algorithms.
dist/platform/book-export.jsView on unpkg · L132This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/workflow/operations.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/workflow/operations.jsView on unpkg · L4234Package source invokes a package manager install command at runtime.
dist/managed-dependencies.jsView on unpkg · L472