AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI auto-loads JavaScript plugins from its own `~/.buff` extension directories and exposes agents that can run shell commands, install dependencies, edit a target project, and publish it. No install-time execution or confirmed malicious exfiltration was established.
Decision evidence
public snapshot- `dist/index.js` runs plugin auto-discovery whenever the CLI starts.
- `dist/plugins/agent-plugin.js` creates and imports `.js` modules from `~/.buff/plugins` and `~/.buff/agents`.
- `dist/agents/agents/runner.js` executes task- or LLM-derived shell commands on the host when Docker is unavailable.
- `dist/agents/agents/tester.js` runs `npm install` and project tests in a generated sandbox.
- `dist/agents/agents/package-agent.js` can modify a target project package manifest and run `npm publish` for a publish task.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- All reviewed write, install, publish, and shell paths require CLI/agent task execution; none run on package installation or import.
- Plugin directories are package-owned `~/.buff/*`, not foreign AI-agent control surfaces.
- Provider HTTP clients use configured API keys for named inference services; no credential harvesting or unrelated exfiltration was found.
- No reviewed source used `eval`, `Function`, VM execution, native loading, destructive deletion, or stealth persistence.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
dist/memory/embedder.jsView on unpkg · L15Package source references weak cryptographic algorithms.
dist/memory/embedder.jsView on unpkg · L15Package source references dynamic require/import behavior.
dist/plugins/agent-plugin.jsView on unpkg · L59Source mutates package metadata and republishes itself to npm.
dist/agents/agents/package-agent.jsView on unpkg · L16A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/agents/agents/package-agent.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/agents/agents/tester.jsView on unpkg · L296