AI Security Review
scanned 3h ago · by lpm-firewall-aiThis is a user-invoked AI development CLI with real shell, npm publishing, and GitHub release capabilities. No install-time execution or covert exfiltration path is established.
Decision evidence
public snapshot- `dist/agents/agents/runner.js` passes task/LLM-derived commands to `execSync` with `/bin/sh`.
- `dist/workflow/templates.js` exposes a user-invoked `publish-release` workflow that selects the package agent.
- `dist/agents/agents/package-agent.js` runs `npm publish` and writes the target project's `package.json`.
- `dist/agents/agents/github-release-agent.js` can use `GH_TOKEN`/`GITHUB_API_KEY` to create GitHub releases.
- `dist/agents/agents/tester.js` runs `npm install` and project test scripts in a copied sandbox.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `dist/index.js` only starts the CLI after direct invocation.
- Network adapters target declared LLM providers and the GitHub API; no covert endpoint was found.
- Plugin loading is limited to explicit `plugins` commands and `~/.buff/agents` files.
- No credential harvesting, stealth persistence, or destructive host action was found.
Source & flagged code
9 flagged · loading sourcePackage source references child process execution.
dist/agents/agents/git-agent.jsView on unpkg · L17Package source references dynamic require/import behavior.
dist/plugins/agent-plugin.jsView on unpkg · L47Package source references weak cryptographic algorithms.
dist/memory/embedder.jsView on unpkg · L111Source mutates package metadata and republishes itself to npm.
dist/agents/agents/package-agent.jsView on unpkg · L16A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/agents/agents/package-agent.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/agents/agents/tester.jsView on unpkg · L198