AI Security Review
scanned 27m ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package has a minimal first-party postinstall config-directory creation and broad user-invoked AI coding CLI capabilities.
Decision evidence
public snapshot- package.json defines postinstall lifecycle: node scripts/postinstall.js
- scripts/postinstall.js creates ~/.daedalus during install
- dist/index.js enables --auto-approve/-y mode for runtime agent tools when user invokes CLI
- scripts/postinstall.js only imports fs/os/path and creates the first-party ~/.daedalus config directory
- No install-time network, child_process, shell-profile mutation, credential access, or foreign AI-agent control writes found
- dist/tools/builtin/terminal.js strips common secret env vars and prompts before package install commands unless explicitly allowed
- dist/model.js prompts before dangerous runtime tools terminal/write_file unless auto-approve is enabled by user/config
- Network endpoints are package-aligned: npm update check, configured model endpoints, MCP transports, and web_search/fetch_url tools
- Dynamic imports in dist/tools/executor.js load built-in tool modules from static TOOL_IMPLEMENTATIONS mappings
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/tools/mcp/stdio.test.jsView on unpkg · L2This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/tools/builtin/files.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/tools/builtin/files.jsView on unpkg · L187Package source references dynamic require/import behavior.
dist/tools/executor.jsView on unpkg · L9Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/tools/builtin/screenshot.jsView on unpkg · L10Package ships non-JavaScript build or shell helper files.
Daedalus.batView on unpkg