AI Security Review
scanned 13m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior was found. The notable risk is explicit user-command setup/sync of Artor skills into local AI-agent skill locations.
Decision evidence
public snapshot- dist/index.js:1387-1681 implements explicit `artor skill sync` that writes `.claude/skills/org/*` and `AGENTS.md`.
- dist/index.js:6497-6654 implements explicit `artor install-claude-plugin`/`install-skills` that runs `claude` or `npx` installers.
- dist/index.js:253 and 2016 write tokens/config to `~/.artor/config.json` and project `.npmrc` during login/registry commands.
- package.json has no preinstall/install/postinstall lifecycle scripts; only `bin` points to `dist/index.js`.
- dist/index.js network calls target Artor APIs (`https://dash.artor.app`) or npm/GitHub URLs and are tied to user-invoked CLI commands.
- dist/index.js:1280-1307 excludes `.claude`, `.artor`, `.env`, `.npmrc`, credentials, keys, and similar secrets from packaged source uploads.
- dist/index.js:8-34 redacts tokens/secrets in verbose logs instead of exposing them.
- dist/index.js:581-600 validates spawned binary names/args before shelling out.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L36A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L36Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L692