AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is an AI-agent/dev automation CLI whose risky primitives are exposed through explicit setup, config, docs, update, or uninstall commands.
Decision evidence
public snapshot- User-invoked install/update paths run shell/package-manager commands in install.sh, scripts/cli.ts, installer/tools.ts.
- User-invoked config stores entered API tokens in agent .env/auth files in installer/config-module.ts and auth.ts.
- Extension augments AI-agent prompts and registers tools in extensions/autodev/index.ts, matching package purpose.
- package.json has no preinstall/postinstall lifecycle hooks; bin is only ./scripts/cli.ts.
- Network calls are package-aligned: GitHub/gh setup, npm self-update, docs seeding, VoyageAI embeddings, model provider validation.
- No source evidence of credential harvesting or exfiltration; secrets are prompted/imported by config and used for validation or SDK auth.
- Remote code/package install behavior is user-invoked install/update/doctor tooling, not import-time or install-time payload execution.
- Test secret patterns are synthetic redaction fixtures in extensions/autodev/debug/__tests__/debug.test.ts.
- Project/agent control-surface writes occur under explicit autodev init/onboard/config commands for an AI-agent framework.
Source & flagged code
10 flagged · loading sourcePackage contains a critical-looking secret pattern.
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247GitHub personal access token in extensions/autodev/debug/__tests__/debug.test.ts
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247Google API key in extensions/autodev/debug/__tests__/debug.test.ts
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L246Package source references child process execution.
extensions/autodev/background/manager.tsView on unpkg · L150Package source references shell execution.
extensions/autodev/docs/seeding.tsView on unpkg · L194Package source invokes a package manager install command at runtime.
extensions/autodev/installer/uninstall-module.tsView on unpkg · L181Source writes installer persistence such as shell profile or service configuration.
extensions/autodev/installer/uninstall-module.tsView on unpkg · L23Source combines credential-like environment material and outbound requests; review data flow before blocking.
extensions/autodev/embeddings.tsView on unpkg · L37Source downloads or fetches remote code and executes it.
extensions/autodev/installer/tools.tsView on unpkg · L1