AI Security Review
scanned 2h ago · by lpm-firewall-aiNo install-time malicious behavior is confirmed, but the optional dashboard server exposes unauthenticated arbitrary command execution. The CLI is a user-invoked AI coding agent with broad filesystem, git, shell, and network capabilities.
Decision evidence
public snapshot- dist/server.js exposes POST /api/run that execs arbitrary request body command.
- dist/server.js uses npx tsx src/cli.ts for dashboard commands, but src is not shipped.
- dist/tools/index.js can apply LLM-provided patches to arbitrary resolved paths and run npm test.
- dist/tools/index.js writes credentials to ~/.gigarc and .env.local via explicit connectProvider.
- Package ships large native binaries in dist/binaries, though bin points to JS wrapper.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- No eval/Function/vm/base64 decode or remote asset execution found in inspected JS.
- Network calls are aligned with declared AI/GitHub agent workflow.
- CLI raw shell execution uses an interactive confirmation prompt.
- Secret reads are provider/GitHub tokens used for configured API calls, not broad harvesting.
Source & flagged code
7 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/tools/index.jsView on unpkg · L5A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/tools/index.jsView on unpkgPackage source references child process execution.
dist/tools/index.jsView on unpkg · L5Package source invokes a package manager install command at runtime.
dist/server.jsView on unpkg · L34Package contains source files above the static scanner size ceiling.
dist/binaries/cli.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/binaries/cli.jsView on unpkg