AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established by source inspection. The package is a user-invoked CLI/server bridge for sending Claude/Codex activity through WeChat, with expected network and process-control primitives for that purpose.
Decision evidence
public snapshot- dist/server/cli.js is executable bin and exposes local Fastify API plus SSE/event handling for Claude/Codex-to-WeChat bridging.
- dist/server/cli.js reads/writes package config, WeChat credentials, relay auth token, and Claude session metadata only through runtime flows.
- dist/server/cli.js uses child_process spawn/execFile to launch configured Claude/Codex CLIs and relay-server, including detached local service behavior.
- dist/server/cli.js references package-aligned network endpoints: WeChat baseUrl, optional relay config, GitHub release URL, localhost server/SSE routes.
- package.json has no install/postinstall/prepare hook; prepublishOnly only runs build before publisher publish, not consumer install.
- No evidence of install-time execution, import-time payload execution, or decoded remote asset execution in inspected cli bundle.
- No hardcoded exfiltration host or credential harvesting beyond user-configured WeChat/relay integration paths.
- High-entropy woff2 asset is a normal bootstrap icon font under dist/web/assets, not executable code.
- Writes are bounded to user config/state/session bridge metadata used by the declared CLI service.
Source & flagged code
6 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/server/cli.jsView on unpkg · L21A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/cli.jsView on unpkgPackage source references child process execution.
dist/server/cli.jsView on unpkg · L2351Source launches a detached bundled service that exposes a broad-bound HTTP listener.
dist/server/cli.jsView on unpkg · L21Source writes installer persistence such as shell profile or service configuration.
dist/server/cli.jsView on unpkg · L21Package ships high-entropy non-source blobs.
dist/web/assets/bootstrap-icons-mSm7cUeB.woff2View on unpkg