AI Security Review
scanned 21h ago · by lpm-firewall-ai
No confirmed malicious install-time or import-time attack surface was found. Risky primitives are aligned with a user-invoked AI coding CLI and its documented MCP/plugin/shell features.
Decision evidence
public snapshot
- bin/clew.cjs auto-runs Bun installer via curl/PowerShell if bun is missing, but only when the clew CLI is invoked.
- dist/main.js exposes agent/MCP/plugin/permission-bypass features typical of an AI coding CLI.
- scripts/install.sh and scripts/install.ps1 install Bun and clew-code globally, but they are npm scripts that run only when explicitly invoked.
- package.json has no install/postinstall/preinstall lifecycle hook; the only hook is a prepublishOnly build hook.
- package.json bin exposes clew/clewcode launchers that run local dist/main.js via Bun.
- README.md documents a local-first AI coding agent with MCP, plugins, shell tools, and provider APIs.
- No package source found planting CLAUDE.md, .mcp.json, .claude, Codex/Cursor settings, shell startup files, or VCS hooks at install time.
- GitHub-token scripts are development/maintenance scripts, not bin/import/lifecycle reachable.
Source & flagged code
7 flagged
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. File: bin/claudevil.cjs (L1)
- Source downloads or fetches remote code and executes it. File: bin/clew.cjs (L1)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. File: bin/clew.cjs (L1)
- Package ships non-JavaScript build or shell helper files. File: scripts/install.sh
- Package contains source files above the static scanner size ceiling. File: dist/main.js