AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are tied to explicit CLI workflows, local configuration, update checks, configured AI providers, or MCP adapter use.
Decision evidence
public snapshot- bin/flowmind.js has an explicit user-run update command that shells out to npm install.
- core/index.js auto-syncs local ~/.sdd-agent data into ~/.flowmind on FlowMind initialization.
- package.json has no install/preinstall/postinstall lifecycle scripts.
- bin/flowmind.js npm install path is gated behind explicit `flowmind update`, not install/import time.
- Network use is package-aligned: npm version checks, configured MCP HTTP calls, and user-configured AI provider APIs.
- core/config-manager.js dynamic require only loads local flowmind.config.js when the user runs FlowMind in that project.
- No credential harvesting or exfiltration to attacker-controlled endpoints found in inspected source.
- MCP/bin entrypoints expose workflow automation features consistent with package description.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
core/update-notifier.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version.
bin/flowmind.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/flowmind.jsView on unpkg · L1761Package source references dynamic require/import behavior.
core/honor-engine.jsView on unpkg · L5Package ships non-JavaScript build or shell helper files.
demo/common.shView on unpkg