AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface is established. The notable risk is user-invoked runtime bootstrapping of Bun and an expected AI coding-agent CLI with shell, network, MCP, and plugin features.
Decision evidence
public snapshot
- bin/clew.cjs auto-installs Bun on CLI run if bun is missing using curl|bash or PowerShell iex.
- dist/main.js is a large bundled AI coding-agent CLI with shell/tool/MCP/plugin capabilities reachable after user invocation.
- package.json has no install/postinstall hooks; prepublishOnly is publisher-side only.
- bin/clew.cjs and bin/claudevil.cjs only resolve bun then spawn dist/main.js with user CLI args.
- scripts/install.sh and scripts/install.ps1 are explicit installer helpers, not npm lifecycle hooks.
- README documents provider API keys and AI coding-agent behavior matching dist/main.js provider endpoints.
- dist/main.js provider network endpoints are package-aligned AI APIs, local Ollama, GitHub feedback, and Anthropic SDK code.
- No confirmed credential harvesting, persistence, destructive action, or unconsented AI-agent control-surface writes found.
Source & flagged code
7 flagged
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (bin/claudevil.cjs · L1)
- Source downloads or fetches remote code and executes it. (bin/clew.cjs · L1)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (bin/clew.cjs · L1)
- Package ships non-JavaScript build or shell helper files. (scripts/install.sh)
- Package contains source files above the static scanner size ceiling. (dist/main.js)