AI Security Review
scanned 2h ago · by lpm-firewall-aiNo install-time attack is established. Running `teamos` or the gateway executes opaque V8 bytecode that source inspection cannot fully audit; its embedded strings indicate command execution, environment access, local credential-path references, and package-aligned integrations.
Static reason
No blocking static signals were detected.
Trigger
User runs `teamos`, imports the main entrypoint, or starts the gateway.
Impact
Potential command, local-file, environment, and network access remains unresolved.
Mechanism
Opaque Bytenode bytecode execution with local orchestration integrations.
Rationale
No concrete malicious behavior or unconsented install-time control-surface mutation was established, but the actual executable logic is opaque bytecode containing high-risk primitives and external endpoints.
Evidence
package.jsoncli.jsgateway.jsREADME.mdcli.x64.jscgateway.x64.jsconboarding-plugin/skills/onboarding/SKILL.mdcli.arm64.jscgateway.arm64.jsc
Network endpoints5
api.anthropic.comslack.com/api/auth.testapi.figma.com/v1/meapi.notion.com/v1/users/meregistry.npmjs.org
Decision evidence
public snapshotAI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `cli.js` and `gateway.js` execute architecture-specific opaque `.jsc` payloads through `bytenode`.
- The four executable bytecode files total about 16 MB and contain `child_process`, `execSync`/`spawnSync`, `process.env`, `.npmrc`, and `/.ssh` strings.
- Bytecode contains external API literals for Anthropic, Slack, Figma, Notion, GitHub, and npm registry endpoints.
Evidence against
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle script.
- The readable loaders only perform Node/CPU checks and load local bytecode.
- `README.md` describes user-invoked local orchestration, optional integrations, and optional service setup via `teamos init`.
- No readable source proves credential harvesting, exfiltration, destructive behavior, or foreign AI-agent configuration mutation.
Behavioral surface
ChildProcessDynamicRequireFilesystemNetworkWebSocket
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Source & flagged code
2 flagged · loading sourcegateway.jsView file
1'use strict';
L2: var path = require('node:path');
L3: var fs = require('node:fs');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
gateway.jsView on unpkg · L1gateway.x64.jscView file
•path = gateway.x64.jsc
kind = node_bytecode
sizeBytes = 4171296
magicHex = [redacted]
High
Findings
1 High4 Medium4 Low
HighShips Node Bytecodegateway.x64.jsc
MediumDynamic Requiregateway.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings