AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is an interactive AI agent harness with user-invoked network, plugin, file-edit, and optional shell capabilities guarded by config and approvals.
Decision evidence
public snapshot- src/tools.js exposes agent tools for file writes, web fetch, and optional shell execution.
- src/plugins.js dynamically imports user/workspace/global plugin files and npm plugin packages.
- src/cli.js has explicit user commands for npm plugin install and self-update.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- bin/cdsa-harness.js only imports and runs src/cli.js on user invocation.
- src/tools.js confines file operations to configured workspace via _resolve path checks.
- src/loop.js requires approval for mutating tools and webfetch unless user enables auto approval.
- src/tools.js shell execution is disabled by default with allow_shell=false.
- Network calls are package-aligned LLM/update/model endpoints, not covert exfiltration.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
src/plugins.jsView on unpkg · L40This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
src/cli.jsView on unpkg · L680