AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a featureful CLI for Artor project publishing and org management; risky primitives are user-invoked and package-aligned.
Decision evidence
public snapshot- dist/index.js has user-invoked child_process calls for build/install/open/update commands.
- dist/index.js can send Artor, GitHub, and registry credentials to configured Artor API endpoints.
- dist/index.js writes project files such as .artor/project.json, .npmrc, .env.local, AGENTS.md, and .claude/skills/org during explicit commands.
- package.json has no install/postinstall lifecycle hooks; bin is ./dist/index.js only.
- Network default is package-aligned https://dash.artor.app, with ARTOR_API_URL/dev override for users.
- Secret files and dirs are excluded from source/package uploads, including .env, .npmrc, .ssh, .claude, and .artor.
- Credential handling is tied to explicit login/registry/skill/env/publish commands and warns against CLI secret flags.
- No import-time execution beyond dispatching the invoked CLI command; dangerous actions are command-gated.
Source & flagged code
5 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L36A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L36Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L5115Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L36