AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No concrete malicious chain is established. The package seeds first-party agent extensions on CLI first run and includes an explicit installer that can modify a Hermes installation.
Decision evidence
public snapshot- `dist/cotal.js` enables extensions and documents first-run seeding of four agent connectors.
- `seeded-connectors/hermes/bin/install.mjs` installs/enables a Hermes plugin and writes COTAL settings when explicitly run.
- `seeded-connectors/opencode/dist/serve.js` launches OpenCode and manages local state under `COTAL_OPENCODE_HOME/.cotal`.
- Bundled connectors expose agent spawn/persona controls, a meaningful agent-capability surface.
- Root `package.json` has no preinstall, install, or postinstall hook.
- `dist/cotal.js` is a user-invoked CLI bin; importing/installing the root package does not execute its CLI path.
- OpenCode launcher binds its service to `127.0.0.1` and its fetch call targets that local service.
- No confirmed credential harvesting, arbitrary remote payload execution, reverse shell, or command-output exfiltration was found.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
seeded-connectors/claude/dist/index.jsView on unpkg · L55Source executes local commands and sends command output to an external endpoint.
seeded-connectors/pi/dist/index.jsView on unpkg · L12Package source references shell execution.
seeded-connectors/pi/dist/index.jsView on unpkg · L15566Package source references dynamic require/import behavior.
seeded-connectors/claude/dist/hook.cjsView on unpkg · L7Source matches reverse-shell style process and socket wiring.
seeded-connectors/opencode/dist/serve.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
seeded-connectors/opencode/dist/serve.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
seeded-connectors/opencode/dist/serve.jsView on unpkg · L1Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
seeded-connectors/hermes/bin/install.mjsView on unpkg · L21Package ships non-JavaScript build or shell helper files.
seeded-connectors/hermes/plugin/cotal/hooks.pyView on unpkgPackage contains source files above the static scanner size ceiling.
seeded-connectors/claude/dist/mcp.cjsView on unpkg