AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface found. Network, credential storage, shell, and file-write primitives are package-aligned for an AI coding-agent CLI and are user-invoked rather than install-time.
Decision evidence
public snapshot- package.json has no install/preinstall/postinstall lifecycle hooks; bin/main are src/cli.ts.
- src/cli.ts only dispatches CLI args and installs terminal cleanup handlers at startup.
- src/auth/oauth.ts and src/auth/flows/* implement user-invoked OAuth against named providers and persist credentials locally.
- src/auth/storage.ts can auto-import ~/.gemini/oauth_creds.json only during gemini credential resolution; no exfiltration found.
- src/commands/launch.ts contains agent shell/file capabilities, but they are the advertised interactive coding-agent runtime.
- scripts/install.sh registry/.npmrc changes require explicit flags; scripts are not lifecycle hooks.
Source & flagged code
3 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/auth/oauth.tsView on unpkg · L15Package ships non-JavaScript build or shell helper files.
scripts/uninstall.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
src/commands/launch.tsView on unpkg