AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package has install-time lifecycle behavior that mutates package-owned AivibeClaw state and dependency files. This is risky agent-extension lifecycle setup, but source inspection did not confirm exfiltration, remote payload execution, or foreign AI-agent control-surface hijack.
Decision evidence
public snapshot- package.json defines preinstall, postinstall, and prepare lifecycle scripts.
- scripts/postinstall-bundled-plugins.mjs runs install-time maintenance and imports fs write/remove APIs.
- postinstall prunes ~/.aivibeclaw/plugin-runtime-deps and writes installed plugin index state via dist/plugin-registry-migration-B4xRcfNw.js.
- scripts/prepare-git-hooks.mjs can run git config core.hooksPath git-hooks in a source worktree.
- preinstall only detects npm/yarn/bun/pnpm and prints a package-manager warning.
- postinstall dist pruning is constrained to package dist with realpath/symlink checks.
- Baileys hotfix targets only packageRoot/node_modules/baileys/lib/Utils/messages-media.js with path validation.
- Plugin registry migration writes AivibeClaw-owned state DB, not foreign .codex/.claude/.gemini config.
- No lifecycle network fetch or credential exfiltration path confirmed.
- Runtime network/child_process capabilities appear aligned with an AI gateway CLI and user-invoked features.
Source & flagged code
24 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dist-CdD4a7gg.jsView on unpkg · L5588Hardcoded password in dist/dist-CdD4a7gg.js
dist/dist-CdD4a7gg.jsView on unpkg · L13656Hardcoded password in dist/dist-CdD4a7gg.js
dist/dist-CdD4a7gg.jsView on unpkg · L21205Package source references dynamic require/import behavior.
dist/model-selection-normalize-BTP6EeF7.jsView on unpkg · L12Package source references weak cryptographic algorithms.
dist/dist-CDBT2qiy.jsView on unpkg · L8Source writes installer persistence such as shell profile or service configuration.
dist/schtasks-tPVt5qOS.jsView on unpkg · L7Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/program-args-CJvxBmnh.jsView on unpkg · L6Source reaches cloud instance metadata or link-local credential endpoints.
dist/ssrf-BCB9zFYS.jsView on unpkg · L2Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/tui-C2Fa59Vd.jsView on unpkg · L673Package ships non-JavaScript build or shell helper files.
deploy/announce-control-center.shView on unpkgPackage ships high-entropy non-source blobs.
apps/beste-android/gradle/wrapper/gradle-wrapper.jarView on unpkgPackage ships compressed or archive-like blobs.
apps/beste-android/gradle/wrapper/gradle-wrapper.jarView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
apps/beste-android/gradle/wrapper/gradle-wrapper.jarView on unpkgHardcoded password in dist/proxy-cli.runtime-BwXQBosl.js
dist/proxy-cli.runtime-BwXQBosl.jsView on unpkg · L856Hardcoded password in docs/gateway/tailscale.md
docs/gateway/tailscale.mdView on unpkg · L118Hardcoded password in docs/gateway/configuration-reference.md
docs/gateway/configuration-reference.mdView on unpkg · L515Hardcoded password in docs/gateway/configuration-reference.md
docs/gateway/configuration-reference.mdView on unpkg · L545Hardcoded password in docs/gateway/config-channels.md
docs/gateway/config-channels.mdView on unpkg · L756Hardcoded password in docs/channels/matrix.md
docs/channels/matrix.mdView on unpkg · L74