AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a local AI workflow dashboard/MCP CLI with explicit project setup, autostart, and allowlisted command-running features.
Decision evidence
public snapshot- package.json defines global-install-only postinstall importing dist/cli/postinstall.js
- dist/cli/postinstall.js reads ~/.ai-knowledge-center/server.pid.json, kills that pid, removes pid file, and restarts dist/cli/aikc.js
- dist/cli/autostart.js can create login persistence via schtasks or macOS LaunchAgent when user runs aikc autostart install
- dist/cli/project-upgrader.js can write AGENTS.md, ai-workflow.yaml, ai-knowledge/** templates, and ~/.ai-knowledge-center config on explicit aikc upgrade --write
- dist/server/command-runner.js and dist/cli/mcp-server.js execute manifest-allowlisted project commands
- Postinstall is gated to npm global installs and only restarts an existing AIKC server state file, not foreign agent config
- No credential harvesting or exfiltration endpoints found in CLI/server sources
- Network reference is package-aligned npm registry in generated ensure-aikc-cli.cjs and localhost dashboard URLs
- Project file writes require explicit user CLI actions such as upgrade --write or autostart install
- MCP/HTTP command execution is based on project manifest allowlists with dangerous confirmation support
- High-entropy findings are font assets under dist/client/assets/*.woff2
Source & flagged code
6 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/cli/autostart.jsView on unpkg · L3This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/project-upgrader.jsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/project-upgrader.jsView on unpkg · L6Package ships high-entropy non-source blobs.
dist/client/assets/GeistMono-Variable-Dispecij.woff2View on unpkg