AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The main risk is broad local config synchronization from SDD-Agent and Claude debug logs into FlowMind storage during normal initialization, but inspection found no exfiltration or lifecycle execution.
Decision evidence
public snapshot- core/index.js calls autoSyncSddAgentToFlowMind() during FlowMind init
- core/sdd-agent-sync.js reads ~/.sdd-agent configs and ~/.claude/debug logs, then writes derived FlowMind config under ~/.flowmind
- core/sdd-agent-sync.js may copy selected ~/.sdd-agent/source files into ~/.flowmind/source
- bin/flowmind.js update command runs npm view/install, but only when user invokes flowmind update
- package.json has no install/preinstall/postinstall lifecycle hooks
- No import-time execution beyond module definitions; writes occur on explicit CLI/MCP initialization paths
- No credential or file exfiltration endpoint found; network calls are user-configured AI/MCP providers or explicit update check
- bin/flowmind.js child_process use is limited to user-invoked gh gist, editor, TUI, and update workflows
- AI provider endpoints in core/ai/providers are normal package-aligned API calls using user-supplied config/env keys
Source & flagged code
6 flagged · loading sourcePackage source invokes a package manager install command at runtime.
bin/flowmind.jsView on unpkg · L1782Package source references dynamic require/import behavior.
core/honor-engine.jsView on unpkg · L5Package ships non-JavaScript build or shell helper files.
demo/common.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
core/sdd-agent-sync.jsView on unpkg