AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established by source inspection. The package is an agent harness with powerful runtime tools, but inspected shell, messaging, Home Assistant, crypto, and plugin-loading behavior are package-aligned and user-invoked.
Decision evidence
public snapshot- plugins/bash/handler.js exposes a user-invoked shell tool with process.env passed through
- src/host/index.js discovers plugins from package, ~/.freddie/plugins, and cwd .freddie/plugins at CLI/runtime
- plugins/send_message/handler.js dynamically imports fixed gateway adapter paths based on a schema enum
- package.json has no preinstall/install/postinstall/prepare lifecycle hooks
- bin/freddie.js only boots plugin host and registers CLI commands; no install-time or import-time payload observed
- plugins/homeassistant_tool/handler.js sends HASS_TOKEN only to HASS_URL/default Home Assistant API for explicit state/service actions
- plugins/platform-wecom_crypto/handler.js contains WeCom signature/decrypt helpers, not credential harvesting
- Network calls found are provider/platform/tool aligned and gated by explicit tool/CLI/runtime use
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
plugins/send_message/handler.jsView on unpkg · L19Package source references weak cryptographic algorithms.
plugins/platform-wecom_crypto/handler.jsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
plugins/homeassistant_tool/handler.jsView on unpkg · L3This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
plugins/bash/handler.jsView on unpkg