AI Security Review
scanned 2h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was established. The main residual risk is an obfuscated agent/MCP-facing package with lifecycle native dependency installation and runtime messaging/network integrations.
Decision evidence
public snapshot
- package.json runs postinstall node scripts/build-native.js.
- scripts/build-native.js creates native/ and runs npm install better-sqlite3@12 --no-save --prefix native during install.
- dist output is heavily javascript-obfuscator encoded, reducing auditability.
- dist/index.js CLI can start local Express/MCP service, writes VOKO DB/logs under user config/home, and has user-invoked update/desktop start/stop process controls.
- Postinstall is package-aligned native dependency setup for better-sqlite3, not credential harvesting or agent control-surface mutation.
- No install-time writes to .mcp.json, CLAUDE.md, Claude/Codex/Cursor settings, shell startup files, VCS hooks, or OS autostart were found.
- Network use appears runtime/product-aligned: MCP HTTP on localhost, Feishu/Telegram/OpenClaw/Hermes handlers, npm registry version check, and configured backend messaging.
- dist/preload.js only rewrites require resolution for better-sqlite3 to package native path outside Electron.
- dist/core/notifier.js child_process exec only plays local notification sounds by platform at runtime.
- No source evidence of secret/env harvesting and exfiltration during install/import.
Source & flagged code
7 flagged
- package.json: Package defines install-time lifecycle scripts.
- dist/core/notifier.js (L1): Package source references child process execution.
- dist/preload.js (L1): Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
- dist/preload.js (L1): Package source references dynamic require/import behavior.
- dist/index.js (L2): A single source file combines environment access, network access, and code or shell execution; review context before blocking.
- scripts/build-native.js (L4): Package source invokes a package manager install command at runtime.