AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is an AI coding-agent CLI with expected network, credential storage, shell, and file-write capabilities that activate through explicit CLI/agent workflows.
Decision evidence
public snapshot- src/agent/tools.ts exposes user/model-invoked bash, write, edit, and rm-style tools as expected for an AI coding agent.
- src/auth/storage.ts can auto-import ~/.gemini/oauth_creds.json during credential resolution and persists OAuth credentials under ~/.jeo config.
- scripts/install.sh can install Bun via https://bun.sh/install and mutate npm registry config only when explicit flags are used.
- package.json has no install/preinstall/postinstall lifecycle hooks; bin/main point to src/cli.ts.
- src/cli.ts only dispatches CLI args and sets terminal crash handling; no import-time exfiltration or payload execution found.
- src/auth/oauth.ts and src/auth/flows/*.ts implement interactive OAuth/device flows to named providers, then store credentials locally via src/auth/storage.ts.
- Network use is package-aligned: provider APIs, npm registry update check, GitHub/Bun installer script, and local OAuth callbacks.
- Bundled AGENTS.md and prompt files are normal product prompts/docs; no reviewer/firewall manipulation instructions found.
- Dangerous primitives are user-invoked CLI/agent functionality rather than lifecycle or hidden execution.
Source & flagged code
3 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/auth/oauth.tsView on unpkg · L15Package ships non-JavaScript build or shell helper files.
scripts/uninstall.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
src/commands/launch.tsView on unpkg