AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are tied to explicit CLI/MCP features such as AI calls, local config/learning storage, git/project review, gist export, and manual self-update.
Decision evidence
public snapshot- package.json has no install/preinstall/postinstall lifecycle hooks.
- bin/flowmind.js child_process use is limited to user-invoked commands: gist publishing, editor launch, and update command.
- bin/flowmind.js update runs npm install only when the user explicitly invokes flowmind update.
- core/ai providers call configured AI/Ollama endpoints for declared agent features, not hidden exfiltration.
- core/skill-loader.js dynamically requires bundled skill index.js files from the configured skills directory during normal plugin loading.
- flowmind-codex writes only workspace .flowmind-codex config for its declared Codex wrapper behavior.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version.
bin/flowmind.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/flowmind.jsView on unpkg · L1628Package source references dynamic require/import behavior.
core/honor-engine.jsView on unpkg · L5Package ships non-JavaScript build or shell helper files.
demo/common.shView on unpkg