AI Security Review
scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found by source inspection. Risky primitives are part of an AI coding agent and installer/runtime bootstrap, not unconsented npm install-time behavior.
Decision evidence
public snapshot
- bin/clew.cjs auto-installs Bun on CLI run using curl|bash or PowerShell if bun is missing.
- dist/main.js is a large bundled AI coding agent with shell, MCP, provider API, telemetry, and remote-session features.
- scripts/install.sh and scripts/install.ps1 install Bun and globally install clew-code when explicitly run.
- package.json has no install/postinstall/prepare hook; prepublishOnly is publisher-side only.
- Declared bin entrypoints only launch bundled dist/main.js via Bun with user CLI args.
- Network endpoints in dist/main.js are aligned with AI providers, auth, telemetry, local callbacks, peer/LAN features, or documented installer behavior.
- Credential env vars/API keys are used for configured providers and GitHub maintenance scripts, not harvested at install/import time.
- MCP/project trust dialogs and dangerous development channels require runtime user interaction or explicit CLI flags.
Source & flagged code
7 flagged
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (bin/claudevil.cjs · L1)
- Source downloads or fetches remote code and executes it. (bin/clew.cjs · L1)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (bin/clew.cjs · L1)
- Package ships non-JavaScript build or shell helper files. (scripts/install.sh)
- Package contains source files above the static scanner size ceiling. (dist/main.js)