AI Security Review
scanned 3h ago · by lpm-firewall-aiThe explicit `cardan detect --all-users` command can enumerate readable user homes and reveal Claude Code/Grok OAuth access tokens on stdout. It also provides opt-in OAuth loaders that update the corresponding credential file after a token refresh.
Decision evidence
public snapshot- `dist/cli.js` exposes `cardan detect --all-users`, which scans readable home directories and prints live OAuth tokens.
- `dist/detect-D6Qh5_jP.js` reads Claude Code and Grok credential files from each discovered user home, including privileged homes.
- `dist/cli.js` formats access tokens into ready-to-paste environment-variable lines, including tokens from other users.
- `dist/index.js` exports loaders that can read those CLI credential files and write refreshed tokens back.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook; `prepublishOnly` is publisher-time only.
- Credential scanning runs only after explicit CLI invocation or explicit exported-loader use; package import has no harvesting side effect.
- No child-process execution, arbitrary remote code loading, or network endpoint sends harvested credentials.
- Documented provider network calls in `dist/index.js` are SDK API requests, not credential exfiltration.
Source & flagged code
4 flagged · loading source`dist/cli.js` exposes `cardan detect --all-users`, which scans readable home directories and prints live OAuth tokens.
dist/cli.jsView on unpkg`dist/cli.js` formats access tokens into ready-to-paste environment-variable lines, including tokens from other users.
dist/cli.jsView on unpkg`dist/detect-D6Qh5_jP.js` reads Claude Code and Grok credential files from each discovered user home, including privileged homes.
dist/detect-D6Qh5_jP.jsView on unpkg`dist/index.js` exports loaders that can read those CLI credential files and write refreshed tokens back.
dist/index.jsView on unpkg