AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious install-time or import-time behavior. The package is a user-invoked coding agent with powerful workspace mutation, GitHub, LLM, and dashboard command-execution capabilities.
Decision evidence
public snapshot- dist/server.js exposes POST /api/run that execs arbitrary request body commands when dashboard is started
- dist/tools/index.js runTests/runCompilation execute npm test, npm run build, or npx tsc during user-invoked heal flow
- dist/tools/index.js applyPatch/applyUnifiedDiff write model-generated changes into workspace files
- dist/tools/index.js saveRCConfig writes API_KEY and GITHUB_TOKEN to ~/.gigarc and .env.local after /connect
- dist/binaries includes native pkg executables, but package bin points to dist/binaries/cli.js
- package.json has no preinstall/install/postinstall lifecycle hooks
- No eval, Function, dynamic remote asset decode, or remote payload execution found in inspected JS
- Command execution in CLI shell uses executeCommandSecurely with an interactive confirmation prompt
- Network calls are aligned with declared AI/GitHub agent function, not hidden exfiltration
- Bundled JS under dist/binaries matches dist JS files
Source & flagged code
5 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/tools/index.jsView on unpkg · L5A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/tools/index.jsView on unpkgPackage source references child process execution.
dist/tools/index.jsView on unpkg · L5Package source invokes a package manager install command at runtime.
dist/tools/index.jsView on unpkg · L326