AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface; observed network, filesystem, and process execution are expected for an authenticated deployment/project-management CLI. Risky operations are user-invoked commands, not install-time or hidden behavior.
Decision evidence
public snapshot- dist/index.js can package and upload project source on user-run publish/template push.
- dist/index.js has user-invoked child_process calls for build/install/update/open/install-skill flows.
- dist/index.js can write .claude/skills/org and AGENTS.md during user-run skill sync/init.
- package.json has no install/postinstall lifecycle hooks; bin only maps artor to dist/index.js.
- Network calls are to Artor CLI API paths under configured apiUrl, default https://dash.artor.app.
- Secrets are read only for explicit login/registry/skill commands and redacted from verbose logs.
- packDir excludes common secret files, .artor, .claude, node_modules, .git, .ssh, and .npmrc from source uploads.
- No import-time execution beyond dispatching CLI argv; dangerous actions require explicit commands.
- No obfuscation, eval/vm/Function, native binary loading, persistence, or destructive install-time behavior found.
Source & flagged code
5 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L36A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L36Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L5153Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L36