registry  /  iloso  /  0.5.0

iloso@0.5.0

A local-first social publishing CLI and MCP server for AI agents.

AI Security Review

scanned 7h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Network, local storage, OAuth, and optional package-manager execution are tied to explicit social-publishing CLI/MCP actions.

Static reason
No blocking static signals were detected.
Trigger
User invokes CLI/MCP commands such as X connection, refresh, publishing, skill install, or accepts an update prompt.
Impact
Can access the connected X account and publish only through explicit package commands; no covert collection, exfiltration, persistence, or foreign agent-control mutation was found.
Mechanism
Local X OAuth/social publishing with user-invoked API calls and local state.
Rationale
Direct inspection shows a local-first X publishing CLI/MCP server with expected OAuth, API, keychain, SQLite, and explicit user-command behavior. No install-time execution or concrete malicious chain was found.
Evidence
package.jsondist/index.jsdist/mcp.jsdist/cli.jsdist/src-DylqgdCi.jsskills/ilo/SKILL.md~/.config/ilo/config.json~/.config/ilo/ilo.sqlite
Network endpoints3
api.x.com/2x.com/i/oauth2/authorizeapi.fxtwitter.com

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hook.
    • dist/index.js only re-exports library APIs; no import-time network or shell execution.
    • dist/src-DylqgdCi.js uses X OAuth/API and FxTwitter endpoints for documented social features.
    • OAuth tokens are stored through @napi-rs/keyring; config stores non-secret account metadata.
    • dist/cli.js runs package-manager commands only after an interactive update/install choice.
    • skills/ilo/SKILL.md requires explicit confirmation before publishing.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 6 file(s), 299 KB of source, external domains: 127.0.0.1, api.fxtwitter.com, api.x.com, console.x.com, ilo.so, x.com

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    2 Medium4 Low
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings