AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package contains powerful agent runtime features, but they are documented and activated by user CLI/daemon/agent workflows rather than install-time or import-time code.
Decision evidence
public snapshot- package.json exposes bin ./dist/cli/main.js and has no install/postinstall lifecycle hooks.
- dist/runtime/agent/bootstrap.js defines shell_run using /bin/sh -c and returns stdout/stderr.
- dist/runtime/agent/bootstrap.js connects agent pub traffic over WebSocket after explicit agent startup.
- dist/runtime/supervisor/bootstrap.js starts local supervisor/web/connector services; default web host is 127.0.0.1 but setup can set 0.0.0.0.
- dist/runtime/install/upgrade-runner.js runs npm install -g only during explicit update flow.
- dist/index.js only reads package.json version on import; no hidden import-time execution.
- Command execution is a documented agent tool bounded to the agent project directory, not a lifecycle payload.
- Credential/token storage is under 2200 state paths and uses vault/OAuth flows described by README.
- Network endpoints are aligned with LLM providers, registry update checks, OpenSCUT registration, and configured local services.
- No evidence of broad env/file harvesting, stealth persistence, destructive install behavior, or unconsented AI-agent control-surface mutation.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
dist/runtime/install/upgrade-runner.jsView on unpkg · L1Source executes local commands and sends command output to an external endpoint.
dist/runtime/agent/bootstrap.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/runtime/agent/bootstrap.jsView on unpkg · L1Source launches a detached bundled service that exposes a broad-bound HTTP listener.
dist/runtime/supervisor/bootstrap.jsView on unpkg · L3A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/main.jsView on unpkg · L6Package contains source files above the static scanner size ceiling.
dist/connectors/discord/gateway.cjsView on unpkg