AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Network, credential storage, telemetry, CRM access, and scheduler setup are explicit CLI features with scoped user triggers.
Decision evidence
public snapshot- package.json has only prepublishOnly; no install lifecycle hook.
- src/cli/auth.ts sends hostname/user label only after explicit login pairing.
- src/runReport.ts reports only when a broker credential already exists.
- src/cli/schedule.ts modifies cron/LaunchAgents only via explicit schedule install.
- src/config.ts permits rule-package import only with explicit --config and --allow-plugins.
- dist entrypoints align with source and no native binaries were present.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/config.jsView on unpkg · L80Source writes installer persistence such as shell profile or service configuration.
dist/cli/schedule.jsView on unpkg · L6Source collects local host identity data and sends it to an external endpoint.
dist/cli/auth.jsView on unpkg · L30Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/auth.jsView on unpkg · L30This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/connectors/salesforce.jsView on unpkg