AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is an AI CLI/agent tool with user-invoked network, shell, and file-write capabilities aligned with its stated purpose.
Decision evidence
public snapshot- package.json has no install/postinstall hook; prepublishOnly is publisher-side compile/check only.
- bin/knowhow.js only re-execs ts_build/src/cli.js with --no-node-snapshot, forwarding user CLI args.
- ts_build/src/cli.js registers commands after migrateConfig/getConfig; no import-time exfiltration or hidden payload execution seen.
- src/clients/xai.ts sends user-requested model inputs to https://api.x.ai/v1 with XAI_API_KEY as provider auth, not arbitrary env harvesting.
- Shell/file-write primitives in src/chat/modules/ShellCommandModule.ts, src/plugins/exec.ts, and src/agents/tools/writeFile.ts are explicit CLI/agent features.
- tests/manual/ycmd/test_ycmd_usage.py is plain sample code; scanner payload flag appears to be file-type noise.
Source & flagged code
12 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/knowhow.jsView on unpkg · L2Package source references shell execution.
tests/manual/browser-login/test_cli_integration.tsView on unpkg · L24Source appears to send environment or credential material to an external endpoint.
ts_build/src/clients/xai.jsView on unpkg · L14A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
ts_build/src/clients/xai.jsView on unpkg · L14Package source invokes a package manager install command at runtime.
tests/manual/ycmd/debug_diagnostics_test.tsView on unpkg · L112Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
tests/manual/ycmd/test_ycmd_usage.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
tests/manual/ycmd/test_ycmd_usage.pyView on unpkgHardcoded password in tests/unit/commands/github-credentials.test.ts
tests/unit/commands/github-credentials.test.tsView on unpkg · L31Supabase service role key (JWT) in tests/fixtures/fake-secret.txt
tests/fixtures/fake-secret.txtView on unpkg · L1Hardcoded password in ts_build/tests/unit/commands/github-credentials.test.js
ts_build/tests/unit/commands/github-credentials.test.jsView on unpkg · L19