AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established by source inspection. Risky primitives are tied to an explicit CLI for installing AI-agent skills, local dashboard use, task sync, feedback filing, or desktop app installation.
Decision evidence
public snapshot- dist/index.js can write project AI-agent integration files under .claude, .agents, .codex and root CLAUDE.md/AGENTS.md when setup/install commands are run.
- dist/index.js includes user-invoked network integrations for GitHub, ClickUp, desktop app releases, and local dashboard APIs.
- install.sh installs dreamcontext@latest globally and may run dreamcontext setup when explicitly piped/executed.
- package.json has no install/preinstall/postinstall hook; only prepublishOnly build runs for publisher workflow.
- package.json bin points to dist/index.js CLI; no import-time exfiltration or lifecycle execution found.
- dist/index.js stores GitHub/ClickUp tokens only via explicit config commands into _dream_context/state/.secrets.json after adding gitignore and mode 0600.
- dist/index.js dashboard binds to 127.0.0.1 by default and blocks cross-site writes; network features are user-invoked/product-aligned.
- dist/dashboard secret hit is Excalidraw bundled public Firebase config/public key, not credential theft evidence.
- skill-packs and agents are documentation/skill content; dynamic require in excalidraw examples loads local vendored helpers.
Source & flagged code
10 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.jsView on unpkg · L22AWS access key ID in dist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.js
dist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.jsView on unpkg · L22Package source references dynamic require/import behavior.
dist/skill-packs/excalidraw/examples/style_board.jsView on unpkg · L2Package source references weak cryptographic algorithms.
dist/skill-packs/excalidraw/scripts/build_excalidraw.jsView on unpkg · L8Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.jsView on unpkg · L108Google API key in dist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.js
dist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.jsView on unpkg · L2Package ships non-JavaScript build or shell helper files.
dist/skill-packs/video-watching/scripts/transcribe.shView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/index.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/index.jsView on unpkg