AI Security Review
scanned 2h ago · by lpm-firewall-aiExplicit registry-install commands fetch mutable upstream content, write it into the current project, and can install declared dependencies. Registry paths are not visibly constrained before filesystem joins.
Decision evidence
public snapshot- `src/cli/add.ts` fetches mutable registry content from GitHub.
- `src/cli/add.ts` joins registry-supplied paths/files without visible traversal validation.
- `src/cli/registry.ts` writes fetched files and runs `bun add` for registry-supplied dependencies.
- `src/cli/feat.ts` applies remote feature file mutations to the user project.
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- Network and writes occur only after explicit `create`, `add`, or `feat` CLI commands.
- No credential harvesting, secret exfiltration, hidden persistence, or AI-agent config writes found.
- `src/core/plugins/inspector/index.ts` posts only to an explicitly configured dev AI endpoint.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
src/core/plugin.tsView on unpkg · L13Package source invokes a package manager install command at runtime.
src/cli/registry.tsView on unpkg · L184This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/cli/create.tsView on unpkg