AI Security Review
scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a workflow orchestration CLI with explicit commands that install/manage local AI-agent workflow assets and dashboard MCP configuration.
Decision evidence
public snapshot

- User-invoked CLI can spawn child processes: bin/maestro.js, dist/src/commands/view.js, dist/src/commands/update.js.
- Dashboard MCP routes can write MCP config files when API endpoints are called: dashboard/dist-server/dashboard/src/server/routes/mcp.js.
- Launcher can rewrite Claude workflow files and launch claude with --dangerously-skip-permissions: dist/src/commands/launcher.js.
- package.json has no install/postinstall/preinstall hook; prepublishOnly is publish-time build only.
- bin/maestro.js only relaunches the same CLI with WASM flags then imports dist/src/cli.js.
- Network use inspected is package-aligned: localhost dashboard health/shutdown/workspace and npm registry update check.
- Runtime npm install in update/launcher is prompted or explicit user-invoked update/workflow setup, not install-time execution.
- test_aco.py is plain Python test source, not a hidden binary payload.
- dist/src/migrations/_template.js dynamic require is inert template migration code.
Source & flagged code
11 flagged

- Package source references dynamic require/import behavior: dist/src/migrations/_template.js (L44)
- Package source references weak cryptographic algorithms: dist/src/tools/core-memory.js (L31)
- A single source file combines environment access, network access, and code or shell execution; review context before blocking: dist/src/commands/view.js (L181)
- Source combines command execution, command-output handling, and outbound requests; review data flow before blocking: dist/src/commands/view.js (L196)
- Package source invokes a package manager install command at runtime: dist/src/commands/view.js (L116)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks: dashboard/dist-server/dashboard/src/server/routes/mcp.js (L10)
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking: dist/src/tools/impeccable/live/server.js (L1)
- Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths: .agents/skills/team-adversarial-swarm/scripts/test_aco.py
- Package ships non-JavaScript build or shell helper files: .agents/skills/team-adversarial-swarm/scripts/test_aco.py