registry  /  iloso  /  0.1.0

iloso@0.1.0

A local-first social publishing CLI and MCP server for AI agents.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a local X publishing CLI/MCP server; network activity is limited to explicit OAuth and publishing operations, with confirmation gates for MCP publishing.

Static reason
No blocking static signals were detected.
Trigger
User runs OAuth, CLI publishing commands, or the local MCP server and supplies confirmation for publishing.
Impact
Can publish to the user-connected X account only after user-invoked setup and explicit CLI/MCP publishing actions.
Mechanism
Explicit X OAuth credential management and X API publishing.
Rationale
Source inspection shows a package-aligned local social publishing tool with explicit OAuth and confirmation-gated publishing. The explicit skill-install command is user-invoked and not an install-time hook; no concrete malicious chain was found.
Evidence
package.jsondist/cli.jsdist/index.jsdist/mcp.jsskills/ilo/SKILL.md
Network endpoints3
x.com/i/oauth2/authorizeapi.x.com/2/oauth2/tokenapi.x.com/2

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/cli.js` has an explicit `ilo skill install` command that runs `npx -y skills add iannuttall/ilo`.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • `dist/cli.js` exposes OAuth setup and publishing only through user-invoked CLI commands.
  • `dist/mcp.js` requires `confirm: true` for post publishing and scheduler execution.
  • `dist/index.js` uses X OAuth tokens only for X API calls and stores them in the OS keyring.
  • `skills/ilo/SKILL.md` instructs agents to require explicit confirmation before publishing.
  • No eval, VM execution, remote payload loading, broad agent-config write, or credential exfiltration path was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 69.8 KB of source, external domains: 127.0.0.1, api.x.com, x.com

Source & flagged code

2 flagged · loading source
dist/cli.jsView file
1#!/usr/bin/env node L2: import{defineCommand as e,runMain as t}from"citty";import{confirm as n,password as r,text as i}from"@clack/prompts";import{createHash as a,randomBytes as o,randomUUID as s}from"nod... L3: CREATE TABLE IF NOT EXISTS drafts (
High
Child Process

Package source references child process execution.

dist/cli.jsView on unpkg · L1
1#!/usr/bin/env node L2: import{defineCommand as e,runMain as t}from"citty";import{confirm as n,password as r,text as i}from"@clack/prompts";import{createHash as a,randomBytes as o,randomUUID as s}from"nod... L3: CREATE TABLE IF NOT EXISTS drafts (
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L1

Findings

2 High2 Medium4 Low
HighChild Processdist/cli.js
HighSame File Env Network Executiondist/cli.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings