registry  /  iloso  /  0.6.0

iloso@0.6.0

A local-first social publishing CLI and MCP server for AI agents.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `ilo skill install`.
Impact
May install a first-party AI-agent skill through the external skills tool; package source does not directly write a foreign agent configuration.
Mechanism
Explicit subprocess invocation of `npx skills add iannuttall/ilo`.
Rationale
Source inspection found no concrete malicious behavior. Downgrade to warn because an explicit command delegates first-party AI-agent skill installation to an external installer.
Evidence
package.jsondist/cli.js.mapdist/src-GeINR-8P.js.mapskills/ilo/SKILL.mdREADME.mddist/cli.js

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.js.map` defines `ilo skill install`, which explicitly runs `npx -y skills add iannuttall/ilo`.
  • `skills/ilo/SKILL.md` is an AI-agent skill with MCP and publishing workflows.
  • `dist/cli.js.map` starts the MCP server only through the explicit `ilo mcp serve` command.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • The agent-skill installation is an explicit CLI subcommand, not import- or install-time behavior.
  • `dist/cli.js.map` defaults self-update to “Later” and only runs after an interactive confirmation.
  • `dist/src-GeINR-8P.js.map` stores credentials via OS keyring and local config/database paths; no harvesting or unrelated exfiltration found.
  • No eval, VM execution, shell-string execution, persistence outside declared user commands, or foreign agent-config path writes were found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 350 KB of source, external domains: 127.0.0.1, api.fxtwitter.com, api.typefully.com, api.x.com, console.x.com, ilo.so, typefully.com, x.com

Source & flagged code

3 flagged · loading source
dist/cli.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli.js.map` defines `ilo skill install`, which explicitly runs `npx -y skills add iannuttall/ilo`.

dist/cli.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

`dist/cli.js.map` starts the MCP server only through the explicit `ilo mcp serve` command.

dist/cli.jsView on unpkg
skills/ilo/SKILL.mdView file
Published source reference
Medium
Ai Review Evidence

`skills/ilo/SKILL.md` is an AI-agent skill with MCP and publishing workflows.

skills/ilo/SKILL.mdView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/cli.js
MediumAi Review Evidenceskills/ilo/SKILL.md
MediumAi Review Evidencedist/cli.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings