AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack behavior was found. The main risky surface is explicit CLI/autoloop operation that uploads artifacts to Archal/E2B and configures a sandboxed Codex workspace.
Decision evidence
public snapshot- dist/commands/autoloop-worker.cjs builds sandbox scripts that copy package skills into repo/.codex/skills and write ~/.codex/config.toml inside the E2B sandbox.
- dist/commands/autoloop-worker.cjs uploads trace/repo artifacts to E2B sandbox.files.write during explicit autoloop worker execution.
- dist/cli.cjs observability setup can open GitHub PRs that add Archal OTLP instrumentation when user runs observability setup-pr.
- package.json has no preinstall/install/postinstall; prepare points to absent scripts/prepare.cjs and is not a registry install hook.
- bin/archal.cjs only requires dist/cli.cjs when the CLI is invoked.
- dist/index.cjs only re-exports the SDK; no import-time shell or network action found.
- Network endpoints are package-aligned: archal.ai/api.archal.ai, GitHub API, E2B, and PostHog telemetry.
- Command execution and repo mutation are tied to explicit CLI/autoloop sandbox workflows, with redaction logic for secrets.
- Scanner eval/obfuscation hits are bundled library/parser patterns, not hidden payload execution.
Source & flagged code
12 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/sdk/index.cjsView on unpkg · L14220GitHub personal access token in dist/sdk/index.cjs
dist/sdk/index.cjsView on unpkg · L14220Package source references child process execution.
dist/vitest/chunk-2PDHTPZC.jsView on unpkg · L3750Source executes local commands and sends command output to an external endpoint.
dist/commands/autoloop-worker.cjsView on unpkg · L56Package source references shell execution.
dist/commands/autoloop-worker.cjsView on unpkg · L31029Package source references dynamic code evaluation.
dist/commands/autoloop-worker.cjsView on unpkg · L35297Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/commands/autoloop-worker.cjsView on unpkg · L56Package source references dynamic require/import behavior.
bin/archal.cjsView on unpkg · L2Package contains source files above the static scanner size ceiling.
dist/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.cjsView on unpkg