AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Dangerous primitives are part of a user-invoked agent runtime and connector CLI, not install-time or hidden execution.
Decision evidence
public snapshot- package.json has no install/postinstall lifecycle scripts; bin is user-invoked dist/cli/main.js.
- dist/index.js only reads package.json to export VERSION.
- dist/cli/main.js commands create/start/manage a declared local agent platform, daemon, credentials, connectors, and updates.
- dist/runtime/agent/bootstrap.js shell_run is an explicit agent tool bounded to the agent project dir.
- dist/runtime/supervisor/bootstrap.js listeners default to 127.0.0.1 and package state under configured 2200 home.
- Network endpoints are declared provider/platform APIs for LLMs, OAuth, search, Slack/Discord/Spotify, npm update, or localhost services.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
dist/runtime/install/upgrade-runner.jsView on unpkg · L1Source executes local commands and sends command output to an external endpoint.
dist/runtime/agent/bootstrap.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/runtime/agent/bootstrap.jsView on unpkg · L1Source launches a detached bundled service that exposes a broad-bound HTTP listener.
dist/runtime/supervisor/bootstrap.jsView on unpkg · L3A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/main.jsView on unpkg · L6Package contains source files above the static scanner size ceiling.
dist/connectors/discord/gateway.cjsView on unpkg