AI Security Review
scanned 2h ago · by lpm-firewall-aiExplicit code-generation workflows can execute arbitrary shell text returned by a configured AI provider. Explicit package-install/import workflows clone caller-configured Git repositories and may update VS Code XML catalog settings.
Decision evidence
public snapshot- `src/codegen/index.ts` executes AI-generated `setup-command` text with `execSync`.
- Setup commands run in the current working directory after model output, without an allowlist or confirmation.
- `src/install/index.ts` clones manifest-supplied Git URLs through shell interpolation.
- `src/parser/index.ts` clones GitHub package imports during parse when absent locally.
- `src/editor-schema/index.ts` modifies the invoking project's `.vscode/settings.json`.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Entrypoint `dist/index.js` only exports APIs; it performs no import-time execution.
- Network calls are explicit AI-provider requests using supplied API credentials.
- Observed project writes occur in explicit CLI/library workflows, not package installation.
- No credential harvesting, covert exfiltration, persistence, or destructive payload was found.
Source & flagged code
3 flagged · loading sourcePackage source references child process execution.
dist/install/index.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
dist/validator/index.jsView on unpkg · L26This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/codegen/index.jsView on unpkg