AI Security Review
scanned 1h ago · by lpm-firewall-aiNo confirmed malicious install-time or import-time attack surface. The explicit CLI installs mobile-delivery GitHub Actions and the installed action can perform documented deployment, metadata, and self-update operations in a consumer CI repository.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `gowalk-cicd`; installed workflow later runs on `main` pushes or manual dispatch.
Impact
Writes documented GitHub Actions files and, when enabled in CI, can commit signed-build/action refresh artifacts to the consumer repository.
Mechanism
User-invoked vendoring of CI actions plus package-aligned mobile deployment automation.
Rationale
Direct inspection shows a user-invoked CI installer for iOS/Android deployment, with broad but documented repository writes and CI capabilities. No lifecycle-triggered execution, stealth persistence, credential exfiltration, or unconsented foreign AI-agent control-surface mutation was found.
Evidence
package.jsonbin/cli.mjssrc/install.mjstemplates/deploy.ymlaction/action.ymlaction/scripts/autoupdate_check.shaction/scripts/asc_common.pyandroid-action/action.ymlandroid-action/scripts/resolve_android.pyandroid-action/scripts/bitrise_deploy.py.github/actions/swift-app/.github/actions/android-app/.github/workflows/deploy.ymlcreds/
Network endpoints3
api.appstoreconnect.apple.com/v1androidpublisher.googleapis.com/androidpublisher/v3api.bitrise.io/v0.1
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- Explicit CLI installer overwrites consumer `.github` action and workflow paths.
- Vendored CI action can auto-update itself through `npm view` and `npx`, then stage and push action files.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- `bin/cli.mjs` invokes installation only when the user runs the CLI.
- `src/install.mjs` confines writes to documented `.github/actions/*` and `.github/workflows/deploy.yml` paths.
- Network calls target named delivery services: Apple App Store Connect, Google Play, and optional Bitrise.
- No credential harvesting or exfiltration endpoint was found; credential files are used for declared signing/deployment.
- AI inference is an opt-in CI metadata feature using GitHub Actions, not an agent-control-surface mutation.
Behavioral surface
Filesystem
Source & flagged code
2 flagged · loading sourceandroid-action/scripts/test_sign_bundle.pyView file
25patternName = generic_password
severity = medium
line = 25
matchedText = password...ord"
Medium
Secret Pattern
Package contains a possible secret pattern.
android-action/scripts/test_sign_bundle.pyView on unpkg · L25•path = android-action/scripts/test_sign_bundle.py
kind = build_helper
sizeBytes = 2486
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
android-action/scripts/test_sign_bundle.pyView on unpkgFindings
2 Medium2 Low
MediumSecret Patternandroid-action/scripts/test_sign_bundle.py
MediumShips Build Helperandroid-action/scripts/test_sign_bundle.py
LowScripts Present
LowFilesystem