AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Dangerous primitives are present but are package-aligned, user-invoked CLI/daemon/agent capabilities rather than install-time or hidden execution.
Decision evidence
public snapshot- package.json has no install/preinstall/postinstall lifecycle hooks; bin is explicit 2200 CLI.
- dist/index.js only reads package.json to export VERSION.
- dist/runtime/agent/bootstrap.js shell_run is an agent tool running in ctx.projectDir and requires an agent task path.
- dist/runtime/supervisor/bootstrap.js web server defaults to 127.0.0.1:2200; 0.0.0.0 is not the daemon default.
- dist/runtime/install/upgrade-runner.js npm install is gated by TWENTYTWOHUNDRED_* upgrade env vars/user update flow.
- Network endpoints are aligned with LLM/OAuth/search/registry features of an AI agent platform.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/runtime/install/upgrade-runner.jsView on unpkg · L1Source executes local commands and sends command output to an external endpoint.
dist/runtime/agent/bootstrap.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/runtime/agent/bootstrap.jsView on unpkg · L1Source launches a detached bundled service that exposes a broad-bound HTTP listener.
dist/runtime/supervisor/bootstrap.jsView on unpkg · L3A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/main.jsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/main.jsView on unpkgPackage contains source files above the static scanner size ceiling.
dist/connectors/discord/gateway.cjsView on unpkg