AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a local MCP developer tool with explicitly enabled write and shell capabilities, rather than install-time or covert execution.
Decision evidence
public snapshot- `src/tools/bash.ts` can execute user-supplied shell commands when enabled.
- `src/tools/write-file.ts` can modify project files when enabled.
- `src/index.ts` has explicit commands to write a PR template or post with `gh`.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- `src/mcp/server.ts` registers write and shell tools only with explicit `JAMBAVAN_ALLOW_WRITE=1` or `JAMBAVAN_ALLOW_BASH=1`.
- `src/tools/path-guard.ts` confines file tools to the project and blocks common secret files by default.
- `src/tools/bash.ts` uses a minimal environment by default and documents shell execution as opt-in.
- `src/tools/gui.ts` binds its HTTP server only to `127.0.0.1`.
- No outbound network client API or remote payload execution was found in `src`.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/tools/bash.jsView on unpkg · L37Package source references dynamic require/import behavior.
dist/evaluation.jsView on unpkg · L40Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
src/tool-check.tsView on unpkg · L12