AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are part of an explicit Cowork/Claude test harness CLI and are user-invoked rather than install-time or import-time behavior.
Decision evidence
public snapshot- dist/decide/external-channel.js exposes user-supplied --decider-cmd with shell:true, but comments and CLI help show it is an explicit operator command.
- dist/sync/cowork-sync.js can run npx @electron/asar and read Claude Desktop files, but only inside explicit macOS sync().
- dist/cli.js and dist/dotenv.js load auth env/.env for harness runs; dist/secrets.js scrubs known token values from persisted logs.
- package.json has no preinstall/install/postinstall; only prepublishOnly and prepack maintenance scripts.
- dist/cli.js is a declared CLI for running sandbox/test harness commands, not import-time execution.
- dist/run/execute.js writes run artifacts under the harness runs directory and has path/session guards before deletion or resume.
- .claude/skills/cowork-harness/scripts/_vendor/yaml/scanner.py is PyYAML source vendored for linting, not an executable payload.
- Network references are package-aligned: Claude downloads/API, GitHub schema URLs, egress proxy checks, and user-invoked sync/doctor/run paths.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/decide/external-channel.jsView on unpkg · L4Package source references a known benign dynamic code generation pattern.
dist/decide/decider.jsView on unpkg · L987Package source invokes a package manager install command at runtime.
dist/sync/cowork-sync.jsView on unpkg · L165Package ships non-JavaScript build or shell helper files.
python/conftest.pyView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.claude/skills/cowork-harness/scripts/_vendor/yaml/scanner.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/run/execute.jsView on unpkg