AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is an AI coding-agent CLI with user-invoked shell, SSH, OAuth, and cache/config behaviors aligned with its stated functionality.
Decision evidence
public snapshot- dist/ssh/cli.js provides user-invoked ssh add/test/keygen commands and spawns ssh/ssh-keygen
- dist/tools/shell.js and dist/tools/ssh-exec.js expose agent shell/SSH execution tools gated by validators
- dist/auth/credentials.js stores access/refresh tokens under ~/.codebase/credentials.json
- package.json has no install/preinstall/postinstall hook; prepack/prepublishOnly are build/check scripts
- bin/codebase only imports dist/cli.js; dangerous actions are CLI subcommands or agent tools, not install-time behavior
- dist/ssh/cli.js keygen writes only ~/.codebase/ssh/<name> keys and prints an authorized_keys one-liner for the user
- dist/tools/ssh-exec.js only targets enrolled hosts from ~/.codebase/ssh.json or project .codebase/ssh.json
- dist/auth/cli.js and dist/auth/token-exchange.js use package-aligned OAuth endpoints on codebase.design
- bench/run.test.mjs fake GitHub token is a redaction test fixture, not a live secret
Source & flagged code
9 flagged · loading sourcePackage contains a critical-looking secret pattern.
bench/run.test.mjsView on unpkg · L24GitHub personal access token in bench/run.test.mjs
bench/run.test.mjsView on unpkg · L24Source writes persistence or remote-access backdoor material.
dist/ssh/cli.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/ssh/cli.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
bench/scenarios/add-test/verify.shView on unpkgGitHub personal access token in bench/aggregate.test.mjs
bench/aggregate.test.mjsView on unpkg · L27GitHub personal access token in bench/scenarios/memory-secret-hygiene/verify.sh
bench/scenarios/memory-secret-hygiene/verify.shView on unpkg · L14GitHub personal access token in bench/scenarios/memory-secret-hygiene/prompt.txt
bench/scenarios/memory-secret-hygiene/prompt.txtView on unpkg · L1GitHub personal access token in bench/_self-test/fake-codebase-cli.mjs
bench/_self-test/fake-codebase-cli.mjsView on unpkg · L328