AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was established. The package is a local dashboard/usage CLI with powerful but package-aligned runtime features: self-update, daemon autostart, local agent invocation, and optional team sync.
Decision evidence
public snapshot- dist/index.js has runtime self-update path fetching registry.npmjs.org and running npm install -g fleetlens@latest.
- dist/index.js reads Claude OAuth credentials from keychain or ~/.claude credential files to call Anthropic usage APIs.
- dist/index.js can install macOS LaunchAgent and menu bar app via explicit autostart/menubar commands and team join.
- dist/index.js modifies ~/.claude.json trust for its own ~/.cclens/runtime before spawning claude under tmux for AI features.
- package.json defines no preinstall/install/postinstall lifecycle hooks.
- dist/index.js command dispatch is CLI-driven; dangerous paths are behind start/update/usage/team/autostart/menubar/digest commands, not import-time execution.
- Network endpoints are package-aligned: npm registry update check, Anthropic/Z.ai usage APIs, localhost dashboard, and user-provided team server URL.
- Team sync posts aggregate usage/activity rollups to a configured serverUrl with bearer token, not hardcoded exfiltration.
- No obfuscated payload, eval/Function remote loader, credential exfiltration endpoint, destructive install hook, or foreign AI-agent control-surface mutation found.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
app/apps/web/app/api/menubar/route.tsView on unpkg · L1Package source references shell execution.
app/apps/web/app/api/pdf/[key]/route.tsView on unpkg · L83This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L5002Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L13Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L5319Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L13Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/daemon-worker.jsView on unpkg · L866