AI Security Review
scanned 2h ago · by lpm-firewall-ai

This is an explicit autonomous coding-agent CLI with broad project file, shell, git, and web-fetch capabilities delegated to a configured LLM. The risk is real dual-use capability, but source inspection did not find install-time compromise, hidden exfiltration, persistence, or unconsented AI-agent control-surface mutation.
Decision evidence
public snapshot
- tools/index.js exposes LLM-invoked write/patch/delete, shell command/script, git commit, arbitrary url_fetch, and npm registry lookup tools.
- runtime/agent.js gives the selected model those tools during `codeably "task"` sessions and includes cwd context.
- bin/create-codeably.js can run `npm install -g codeably` or `sudo npm install -g codeably`, but only after an interactive prompt.
- install-shortcut.sh and install-shortcut.ps1 append a `cb` shortcut to shell profiles when explicitly run.
- package.json has no preinstall/install/postinstall/prepare lifecycle hook.
- Network endpoints are configured LLM providers, localhost Ollama, arbitrary user/model-requested url_fetch, and npm registry lookup; no hidden exfil endpoint found.
- config/setup.js stores user API keys locally in ~/.codeably/config.json; runtime/client.js sends them only as API credentials to configured baseURL.
- Destructive delete_file/delete_files_bulk require confirm_delete approval, enforced in runtime/agent.js and tools/index.js.
- No eval/vm/native binary/obfuscated payload found in package files.
Source & flagged code
4 flagged

- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (tools/index.js)
- Package source invokes a package manager install command at runtime. (bin/create-codeably.js, L4)
- Package ships non-JavaScript build or shell helper files. (install-shortcut.sh)