AI Security Review
scanned 2d ago · by lpm-firewall-ai
The package has an install-time hook that fetches and installs a remote executable engine into its own payload directory. This is package-aligned but creates unresolved supply-chain risk because executable content is introduced during npm install.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs downloads a platform tar.gz from github.com/FerroxLabs/wayland-core during install
- scripts/postinstall.mjs extracts the archive, locates an executable named aionrs/wayland-core/wcore, writes payload/resources/bundled-wayland-core/<platform>/wayland-core, and chmods 755
- bin/wayland.mjs can install bun via curl|bash and apt packages, but only from user-invoked wayland setup
- bin/wayland.mjs offers optional systemd staging by writing /tmp/wayland.service after an interactive prompt
- No install-time writes to Claude/Codex/Cursor/.mcp or other foreign AI-agent control surfaces found
- CLI setup stores user-provided model keys only in ~/.wayland-server/wayland.env with mode 0600
- README documents the postinstall engine fetch, bun setup, and optional systemd behavior
- Network endpoints are package-aligned: Flux Router for model API, FerroxLabs GitHub release for engine, bun.sh for user-approved bun install
- Bundled skills/resources are loaded as Wayland platform content; no lifecycle registration into another agent was found
Source & flagged code
27 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package contains a possible secret pattern. (payload/out/renderer/assets/index-CPqvQHaG.js, L10)
- Package source invokes a package manager install command at runtime. (bin/wayland.mjs, L111)
- Source writes installer persistence such as shell profile or service configuration. (bin/wayland.mjs, L12)
- Package source references shell execution. (payload/out/renderer/assets/vendor-highlight-BmVanule.js, L8)
- Package source references a known benign dynamic code generation pattern. (payload/out/renderer/assets/whisperWorker-yk8fSaV0.js, L6)
- Source reaches cloud instance metadata or link-local credential endpoints. (payload/dist-server/builtin-mcp-concierge-diag.js, L1224)
- Package source references dynamic require/import behavior. (payload/dist-server/builtin-mcp-concierge-diag.js, L6)
- Package ships WebAssembly modules. (payload/dist-server/wasm/tree-sitter.wasm)
- Package ships non-JavaScript build or shell helper files. (payload/dist-server/skills/_builtin/skill-creator/scripts/init_skill.py)
- Package ships high-entropy non-source blobs. (payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx)
- Package ships compressed or archive-like blobs. (payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx)
- Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed. (payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx)
- Package contains source files above the static scanner size ceiling. (payload/dist-server/gemini.js)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (payload/out/renderer/assets/TipTapMarkdownEditor-CuDI219q.js)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.md (L107)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.md (L94)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.md (L328)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.md (L167)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.md (L64)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.md (L150)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md (L78)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md (L108)
- RSA private key in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.md (L76)
- Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.md (L290)