AI Security Review
scanned 22h ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are aligned with an AI-agent framework CLI and runtime, and are activated by explicit user commands or authored app execution rather than install/import side effects.
Decision evidence
public snapshot- package.json has no preinstall/install/postinstall/prepare lifecycle hooks
- bin/eve.js only bootstraps the user-invoked CLI and may rebuild local package artifacts before importing dist/src/cli/run.js
- dist/src/cli/run.js registers explicit commands such as init/dev/build/start/link/deploy rather than import-time execution
- dist/src/setup/scaffold/update/* writes project-owned files only during explicit setup/channel/connection flows
- dist/src/compiled/experimental-ai-sdk-code-mode/index.js implements bounded sandbox/code-mode behavior with fetch allowlists and tool approval checks
- dist/src/compiled/@workflow/core/runtime.js is bundled workflow/runtime code with local data and localhost health checks, not a hidden payload loader
Source & flagged code
14 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/src/compiled/experimental-ai-sdk-code-mode/index.jsView on unpkg · L4AWS access key ID in dist/src/compiled/experimental-ai-sdk-code-mode/index.js
dist/src/compiled/experimental-ai-sdk-code-mode/index.jsView on unpkg · L4Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/eve.jsView on unpkg · L2Package source references dynamic require/import behavior.
bin/eve.jsView on unpkg · L8Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/src/compiled/gray-matter/index.jsView on unpkg · L44Package source references a known benign dynamic code generation pattern.
dist/src/compiled/gray-matter/index.jsView on unpkg · L43Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/compiled/@workflow/core/runtime.jsView on unpkg · L1Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/src/compiled/@workflow/core/runtime.jsView on unpkg · L1Package source executes code through a VM context API.
dist/src/compiled/@workflow/core/runtime.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/src/internal/authored-module-loader.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/internal/nitro/host/start-production-server.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/src/compiled/@vercel/sandbox/index.jsView on unpkg · L1RSA private key in dist/src/compiled/jose/index.js
dist/src/compiled/jose/index.jsView on unpkg · L2