AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package exposes expected coding-agent shell, test, publishing, and optional plugin capabilities, all activated at CLI/runtime rather than installation.
Decision evidence
public snapshot- package.json has no preinstall/install/postinstall hook.
- dist/index.js only starts the CLI after direct execution.
- dist/agents/agents/package-agent.js publishes only when a package task requests publish.
- dist/agents/agents/runner.js executes commands only through CLI/task-plan actions.
- dist/plugins/agent-plugin.js loads only user-owned ~/.buff plugin directories.
- No source path inspected harvests or exfiltrates credentials.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
dist/memory/embedder.jsView on unpkg · L15Package source references weak cryptographic algorithms.
dist/memory/embedder.jsView on unpkg · L15Package source references dynamic require/import behavior.
dist/plugins/agent-plugin.jsView on unpkg · L59Source mutates package metadata and republishes itself to npm.
dist/agents/agents/package-agent.jsView on unpkg · L16A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/agents/agents/package-agent.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/agents/agents/tester.jsView on unpkg · L296