AI Security Review
scanned 3h ago · by lpm-firewall-aiThe running bridge grants its agent/local RPC surface the ability to send selected absolute-path files to bound Feishu or WeChat chats. This is an intentional but high-impact data-transfer capability, not an install-time payload.
Decision evidence
public snapshot- `src/agent-file-rpc.ts` accepts absolute paths and sends allowed local files to Feishu chats bound to a session.
- `im-skills/wechat-file-skill/send-file.mjs` reads a user-supplied absolute file and uploads it through the configured iLink client.
- `src/im-skills.ts` injects bundled file/image sending instructions into agent prompts.
- `src/orchestrator.ts` implements chat-triggered global `npm update/install` and restart behavior.
- `scripts/postinstall-sharp-check.mjs` only locally requires `sharp` and prints diagnostics; it has no network, write, or agent-control mutation.
- `src/index.ts` binds the HTTP/RPC service to `127.0.0.1`.
- No inspected source automatically harvests credentials or uploads files at install or import time.
- CLI launchers only start packaged TypeScript entrypoints with inherited user arguments/environment.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references weak cryptographic algorithms.
src/builtin/context.tsView on unpkg · L50This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/orchestrator.tsView on unpkgPackage source invokes a package manager install command at runtime.
src/orchestrator.tsView on unpkg · L446