AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious package attack surface was found. The package exposes a plugin framework with optional connectors, webhooks, local services, sandboxed scripts, and workspace export APIs that run only when application code invokes them.
Decision evidence
public snapshot- Manifest has no preinstall/install/postinstall hooks; main is ./dist/index.js and node subpath is explicit.
- Network code is capability-gated framework code: guardedFetch asserts declared plugin network caps before fetch.
- Secret use is scoped to connector/action builders requiring ctx.env keys and declared capabilities, not ambient harvesting.
- Dynamic execution is a sandbox API using AST validation, forbidden globals, and shadowed process/fetch/require.
- child_process spawn appears only in ManagedProcess.start(), invoked by host-provided service definitions.
- Node exporter writes workspace projection files only when host calls export/checkout with a rootDir.
Source & flagged code
3 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L8741Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/services/node.jsView on unpkg · L2