AI Security Review
scanned 2d ago · by lpm-firewall-aiPackage source could not be inspected in this session, so no source-grounded attack surface can be confirmed.
Static reason
One or more suspicious static signals were detected.
Trigger
unknown
Impact
unknown
Mechanism
unreadable package files
Rationale
Read-only filesystem inspection was attempted but the execution tool rejected the command payload, leaving package contents unavailable for source-grounded assessment.
Decision evidence
public snapshotAI called this Manual Review at 0.0% confidence as Unknown with high false-positive risk.
Evidence for warning
- Inspection commands failed under current tool schema before any source files could be read.
Evidence against
Behavioral surface
ChildProcessShell
UrlStrings
Source & flagged code
2 flagged · loading sourcebin/mastercoder.mjsView file
3// optional dependency) and execs it with full stdio passthrough.
L4: import { spawnSync } from "node:child_process"
L5: import { createRequire } from "node:module"
High
Child Process
Package source references child process execution.
bin/mastercoder.mjsView on unpkg · L33// optional dependency) and execs it with full stdio passthrough.
L4: import { spawnSync } from "node:child_process"
L5: import { createRequire } from "node:module"
...
L14: console.error(`MasterCoder: 이 플랫폼(${os.platform()}-${os.arch()})용 실행 파일을 찾지 못했어요.`)
L15: console.error(`해결: npm install -g mastercoder --force · 안내: https://mastercoder.ai/cli/`)
L16: process.exit(1)
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/mastercoder.mjsView on unpkg · L3Findings
3 High1 Low
HighChild Processbin/mastercoder.mjs
HighShell
HighRuntime Package Installbin/mastercoder.mjs
LowUrl Strings