AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an AI coding CLI with expected user-invoked shell, file-editing, web, model, and MCP features; install-time behavior is limited to creating a local config directory.
Decision evidence
public snapshot- package.json has postinstall lifecycle: node scripts/postinstall.js
- dist/index.js embeds strong AI-agent tool-use instructions, including terminal/write_file behavior
- dist/tools/builtin/terminal.js exposes user-invoked shell execution
- dist/tools/mcp/manager.js can add MCP server config from registry packages
- scripts/postinstall.js only creates ~/.daedalus config directory; no network or payload execution
- dist/tools/builtin/terminal.js filters sensitive env vars and gates install commands
- dist/tools/mcp/stdio.js sanitizes env and rejects shell metacharacters in configured command
- Network use is package-aligned: model endpoints, npm update check, DuckDuckGo search, MCP registry
- File writes are user-invoked CLI tools or local config/session state, not install-time takeover
- No credential harvesting, exfiltration, persistence, destructive install action, or hidden payload found
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/tools/mcp/stdio.test.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
dist/tools/builtin/files.jsView on unpkg · L187Package source references dynamic require/import behavior.
dist/tools/executor.jsView on unpkg · L9Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/tools/builtin/screenshot.jsView on unpkg · L10Package ships non-JavaScript build or shell helper files.
Daedalus.batView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/agents/orchestrator.test.jsView on unpkg