AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a credentialed Roster CLI/MCP client whose network request is activated by user commands or MCP tool calls.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `brello` commands, authenticates, or starts `brello-mcp`.
Impact
Authorized team-work data may be returned to the user or configured MCP client; no stealth persistence or foreign AI-agent control-surface mutation is present.
Mechanism
Stores an opted-in Roster token and POSTs requested queries to its Roster gateway.
Rationale
The install hook is terminal-only install theatre, not a mutation or payload mechanism. Runtime networking and local token storage are explicit, package-aligned functionality, and source inspection found no concrete malicious chain.
Evidence
package.jsonlib/postinstall.mjslib/banner.mjscli.mjslib/client.mjslib/auth.mjsmcp.mjsREADME.md~/.roster/token~/.roster/.welcomed
Network endpoints1
sfmdwoxlyvajiutdmqok.supabase.co/functions/v1/roster-query
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `lib/postinstall.mjs` only imports a banner and writes terminal output.
- `lib/client.mjs` sends a user-provided Roster token only when CLI/MCP queries run.
- Token storage is limited to `~/.roster/token` with mode `0600`.
- `mcp.mjs` exposes stdio MCP query tools; no Claude configuration is written.
- No child-process, eval/vm, remote-code-loading, or broad config-write primitives found.
Behavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node lib/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node lib/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings