AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a powerful user-invoked AI agent CLI that installs/configures tooling, stores user-provided credentials locally, validates them against provider APIs, and can update/uninstall itself.
Decision evidence
public snapshot- scripts/cli.ts user-invoked update runs npm view, bun install -g autodev-ai, clears ~/.bun cache
- install.sh bootstraps Bun via curl and globally installs autodev-ai when user runs installer
- extensions/autodev/installer/config-module.ts writes user-supplied API tokens to agent .env/auth/models config
- extensions/autodev/docs/seeding.ts can fetch docs or git sparse-clone configured sources into docs corpus
- extensions/autodev/installer/uninstall-module.ts removes ~/.AutoDev, ~/.pi, ~/.autodev during explicit uninstall
- package.json has no preinstall/postinstall/prepare lifecycle hooks
- bin/autodev.js only imports scripts/cli.ts; cli main runs only when invoked as bin
- network calls are aligned with setup/update/docs features: npm, provider key validation, Discord, docs seeding
- credential use is interactive/local config or provider validation, not hidden harvesting/exfiltration
- debug.test.ts contains test dummy secret strings for redaction tests, not active credentials
- no obfuscated payloads or import-time destructive behavior found in inspected entrypoints
Source & flagged code
11 flagged · loading sourcePackage contains a critical-looking secret pattern.
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247GitHub personal access token in extensions/autodev/debug/__tests__/debug.test.ts
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247Google API key in extensions/autodev/debug/__tests__/debug.test.ts
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L246Package source references child process execution.
extensions/autodev/background/manager.tsView on unpkg · L150Package source references shell execution.
extensions/autodev/docs/seeding.tsView on unpkg · L194Package source invokes a package manager install command at runtime.
extensions/autodev/installer/uninstall-module.tsView on unpkg · L181Source writes installer persistence such as shell profile or service configuration.
extensions/autodev/installer/uninstall-module.tsView on unpkg · L23Source combines credential-like environment material and outbound requests; review data flow before blocking.
extensions/autodev/embeddings.tsView on unpkg · L37Source downloads or fetches remote code and executes it.
extensions/autodev/installer/tools.tsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version.
extensions/autodev/installer/config-module.tsView on unpkg