AI Security Review
scanned 3h ago · by lpm-firewall-aiThe CLI is a persistent remote desktop sidecar. A gateway command can invoke limited desktop helpers and retrieve clipboard content. No install-time attack behavior is present.
Decision evidence
public snapshot- `dist/index.cjs` is deliberately obfuscated, impeding audit.
- Runtime opens a persistent authenticated WebSocket and accepts remote `cmd` messages.
- `desktop.exec` permits remote browser, terminal, resize, and clipboard actions.
- Clipboard reads return up to 256 KB through the gateway.
- `child_process.spawn` launches fixed platform helpers and `xclip`.
- `package.json` has no preinstall, install, or postinstall hook.
- `dist/index.cjs` starts only as the declared CLI entrypoint.
- Remote commands are restricted to an explicit action allowlist.
- Spawned programs and resize dimensions are fixed/validated; no shell or eval path found.
- No package-file harvesting, arbitrary file writes, payload download, or agent-config mutation found.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.cjsView on unpkg · L1Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.cjsView on unpkg · L1Package source references dynamic require/import behavior.
dist/index.cjsView on unpkg · L1