AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a feature-rich Artor CLI with network, file-write, and child_process capabilities gated behind user-invoked commands.
Decision evidence
public snapshot- dist/index.js has user-invoked child_process use for project build/install, global update/install, and Artor skill/plugin install commands.
- dist/index.js can write project files such as .npmrc, .env.local, .claude/skills/org/*, AGENTS.md, and ~/.artor/config.json when matching CLI commands run.
- dist/index.js sends ARTOR_GITHUB_TOKEN or ARTOR_REGISTRY_TOKEN only in explicit skill add/registry add request bodies.
- package.json has no install/postinstall lifecycle hooks; bin only maps artor to ./dist/index.js.
- Network traffic is CLI-aligned to configured Artor API default https://dash.artor.app, plus public npm/GitHub skill installer URLs for explicit update/install paths.
- API verbose logging redacts authorization/cookie/token/password/secret fields and token-like values.
- No import-time execution beyond dispatching the invoked CLI command; dangerous actions are behind explicit subcommands/prompts.
- Publish uploads current project artifact/source to /api/cli/publish, which matches the package purpose of publishing prototypes.
Source & flagged code
5 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L36A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L36Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L5182Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L36