AI Security Review
scanned 2h ago · by lpm-firewall-ai
The package has an install-time remote execution surface via postinstall, plus broad user-invoked AI agent capabilities at runtime. No confirmed malicious exfiltration, persistence outside package-owned paths, or unconsented foreign AI-agent control-surface mutation was found.
Decision evidence
public snapshot
- package.json defines postinstall and prepare lifecycle scripts.
- scripts/postinstall.mjs runs `curl -fsSL https://bun.sh/install | bash` on non-Windows during install.
- scripts/postinstall.mjs can run `npm install --no-save` for @opentui Windows optional native package.
- scripts/postinstall.mjs rewrites node_modules/@opentui/react/chunk-fm0c65gm.js.
- dist/index.js registers terminal, code_exec, file write/edit, MCP, browser, OSINT and other broad agent tools by default.
- dist/mcp/McpRegistry.js persists enabled MCP servers under ~/.aurix/mcp/servers.json and can launch npx -y MCP presets.
- No lifecycle write to foreign AI-agent surfaces such as CLAUDE.md, .mcp.json, Cursor/Codex settings, or ~/.claude paths found.
- MCP configuration is under the package-owned ~/.aurix namespace and presets are user-invoked, not auto-enabled on install.
- No credential harvesting or exfiltration path was confirmed in inspected lifecycle, launcher, config, update, or MCP setup files.
- bin/aurix.js only launches dist/index.js with Bun/Node and passes existing environment to the child.
- Network endpoints observed are package-aligned update/provider/tool APIs rather than a hidden collection server.
Source & flagged code
13 flagged
- Tarball package.json differs from the npm registry version manifest for scripts or dependency sets. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package contains a possible secret pattern. (dist/tools/tempmail/TempMail.js · L5)
- Package source references dynamic require/import behavior. (bin/aurix.js · L38)
- Package source references weak cryptographic algorithms. (dist/tools/captcha/FuncaptchaSolver.js · L14)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (dist/tools/Osint.js · L316)
- Source reaches cloud instance metadata or link-local credential endpoints. (scripts/test-bug-bounty.mjs · L52)
- Package source invokes a package manager install command at runtime. (dist/tools/Pdf.js · L68)
- Package ships native binary artifacts. (dist/token-counter.linux-x64-gnu.node)
- Package ships non-JavaScript build or shell helper files. (bin/aurix.cmd)