AI Security Review
scanned 19h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package is an AI-agent server with a lifecycle hook that fetches a package-aligned native engine and a user-invoked setup flow that can install dependencies and stage a service.
Decision evidence
public snapshot- package.json runs postinstall script
- scripts/postinstall.mjs downloads a platform tarball from GitHub and installs an executable engine without checksum verification
- bin/wayland.mjs user setup can run apt-get and curl|bash to install bun
- bin/wayland.mjs can stage /tmp/wayland.service for optional systemd persistence
- payload/dist-server/server.mjs contains bundled AI-agent/MCP and Claude/Codex integration code
- postinstall writes only under package payload/resources and temporary payload/.wcore-tmp
- No .mcp.json, CLAUDE.md, .claude, Cursor, or Codex control files found in package root scan
- Foreign agent/Codex/Claude references appear in the runtime server payload, not npm lifecycle hook
- systemd service creation is prompted during wayland setup and only writes /tmp/wayland.service for user sudo commands
- README documents engine fetch, bun setup, env storage, and optional systemd behavior
- Provider keys are written by user-invoked setup to ~/.wayland-server/wayland.env with mode 0600
Source & flagged code
27 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a possible secret pattern.
payload/out/renderer/assets/index-CPqvQHaG.jsView on unpkg · L10Package source invokes a package manager install command at runtime.
bin/wayland.mjsView on unpkg · L111Source writes installer persistence such as shell profile or service configuration.
bin/wayland.mjsView on unpkg · L12Package source references shell execution.
payload/out/renderer/assets/vendor-highlight-Y2vMMfXT.jsView on unpkg · L8Package source references a known benign dynamic code generation pattern.
payload/out/renderer/assets/whisperWorker-yk8fSaV0.jsView on unpkg · L6Source reaches cloud instance metadata or link-local credential endpoints.
payload/dist-server/builtin-mcp-concierge-diag.jsView on unpkg · L1224Package source references dynamic require/import behavior.
payload/dist-server/builtin-mcp-concierge-diag.jsView on unpkg · L6Package ships WebAssembly modules.
payload/dist-server/wasm/tree-sitter.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
payload/dist-server/skills/_builtin/skill-creator/scripts/init_skill.pyView on unpkgPackage ships high-entropy non-source blobs.
payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptxView on unpkgPackage ships compressed or archive-like blobs.
payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptxView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptxView on unpkgPackage contains source files above the static scanner size ceiling.
payload/dist-server/gemini.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
payload/out/renderer/assets/vendor-arco-CiqUkXtN.jsView on unpkgHardcoded password in payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.mdView on unpkg · L107Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.mdView on unpkg · L94Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.mdView on unpkg · L328Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.mdView on unpkg · L167Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.mdView on unpkg · L64Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.mdView on unpkg · L150Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.mdView on unpkg · L78Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.mdView on unpkg · L108RSA private key in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.mdView on unpkg · L76Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.mdView on unpkg · L290