AI Security Review
scanned 11d ago · by lpm-firewall-aiA real unresolved command-injection risk exists in the Discord slash-command bridge. It is activated by a Discord message handled by the configured bot, not by package install or import.
Decision evidence
public snapshot- extensions/autodev/discord/slash.ts builds execSync shell strings from Discord command args in handleTaskCommand.
- /autodev task only escapes double quotes; shell metacharacters like command substitution remain inside the execSync command string.
- scripts/cli.ts update runs user-invoked npm/bun self-update and rm -rf of bun cache, not install-time.
- extensions/autodev/installer/tools.ts can curl/bash Homebrew and install OS tools, but only via installer/doctor flow.
- extensions/autodev/embeddings.ts sends document/query text to VoyageAI with VOYAGE_API_KEY when docs embedding is invoked.
- package.json has no preinstall/postinstall lifecycle hooks.
- bin entry is scripts/cli.ts; import-time behavior is limited to function definitions until import.meta.main.
- extensions/autodev/debug/__tests__/debug.test.ts contains test fake secret data for redaction, not live credentials.
- Network endpoints are aligned with documented features: Discord, GitHub/npm update, Voyage embeddings, docs seeding, installer validation.
- Uninstall destructive rmSync targets are explicit AutoDev home/config/state paths and require autodev uninstall.
Source & flagged code
11 flagged · loading sourcePackage contains a critical-looking secret pattern.
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247GitHub personal access token in extensions/autodev/debug/__tests__/debug.test.ts
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247Google API key in extensions/autodev/debug/__tests__/debug.test.ts
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L246Package source references child process execution.
extensions/autodev/background/manager.tsView on unpkg · L150Package source references shell execution.
extensions/autodev/docs/seeding.tsView on unpkg · L194Package source invokes a package manager install command at runtime.
extensions/autodev/installer/uninstall-module.tsView on unpkg · L181Source writes installer persistence such as shell profile or service configuration.
extensions/autodev/installer/uninstall-module.tsView on unpkg · L23Source combines credential-like environment material and outbound requests; review data flow before blocking.
extensions/autodev/embeddings.tsView on unpkg · L37Source downloads or fetches remote code and executes it.
extensions/autodev/installer/tools.tsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version.
extensions/autodev/discord/slash.tsView on unpkg