AI Security Review
scanned 58m ago · by lpm-firewall-aiNo confirmed malicious attack surface. The high-risk code is an opt-in Cursor adapter isolation feature, not install-time or import-time behavior.
Decision evidence
public snapshot- build/adapters/cursor-isolation.js exposes opt-in sandbox/broker code that spawns bwrap/sandbox-exec and writes isolation helper files at runtime.
- build/adapters/cursor-broker.js proxies requests and injects a real Cursor key when a dummy sentinel bearer is used.
- package.json has no preinstall/install/postinstall lifecycle hooks and main only exports modules.
- build/index.js only re-exports adapters; it does not start isolation or broker on import.
- build/adapters/cursor.js calls prepareIsolation only when caller supplies providerOptions.isolation.
- build/adapters/cursor-broker.js forwards only to api.cursor.com or api2.cursor.sh, which are package-aligned Cursor endpoints.
- build/adapters/cursor-isolation.js strips CURSOR_API_KEY from child env and limits child egress through the broker.
- No credential harvesting, arbitrary remote payload loading, destructive action, persistence, or AI-agent config mutation was found.
Source & flagged code
4 flagged · loading sourceSource matches reverse-shell style process and socket wiring.
build/adapters/cursor-isolation.jsView on unpkg · L13A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
build/adapters/cursor-isolation.jsView on unpkg · L13This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
build/adapters/cursor-isolation.jsView on unpkgPackage source references child process execution.
build/adapters/cursor-isolation.jsView on unpkg · L13