AI Security Review
scanned 17h ago · by lpm-firewall-ai
No confirmed malicious attack surface was established by source inspection. The package is a large AI coding-agent CLI with user-invoked network, plugin, MCP, remote-session, and shell capabilities.
Decision evidence
public snapshot
- bin/clew.cjs auto-installs Bun via curl/PowerShell when the user runs clew and Bun is missing
- dist/main.js exposes agent capabilities including MCP, plugins, remote sessions, and explicit permission-bypass flags
- scripts/install.sh and scripts/install.ps1 install clew-code globally via Bun and may install Bun
- package.json has no install/postinstall lifecycle hook; prepublishOnly is publish-time build only
- bin/clew.cjs and bin/claudevil.cjs launch bundled dist/main.js with locally resolved Bun and do not hide import-time payloads
- Dangerous agent features in dist/main.js are CLI commands/options, not unconsented npm lifecycle mutations
- No evidence of credential harvesting/exfiltration or foreign AI-agent control-surface writes during install/import
- Network endpoints are mostly provider/auth/docs/update/telemetry URLs aligned with an AI coding CLI
Source & flagged code
7 flagged
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (bin/claudevil.cjs · L1)
- Source downloads or fetches remote code and executes it. (bin/clew.cjs · L1)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (bin/clew.cjs · L1)
- Package ships non-JavaScript build or shell helper files. (scripts/install.sh)
- Package contains source files above the static scanner size ceiling. (dist/main.js)