AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The CLI can write project or opt-in global agent-tool configuration only through explicit `mewkit migrate`/setup actions, with migration confirmation. Upgrade networking is limited to the package's GitHub release API and selected release asset.
Decision evidence
public snapshot- `package.json` has no preinstall/install/postinstall hook; only publisher-side `prepublishOnly`.
- `dist/index.js` executes only after the user invokes the `mewkit` binary and dispatches explicit subcommands.
- `dist/commands/upgrade.js` uses `dist/core/github-releases.js` only for an explicit upgrade/check request.
- `dist/migrate/migrate-orchestrator.js` supports dry-run and requires `--yes`, non-TTY execution, or interactive confirmation before planned writes.
- `dist/migrate/hooks/codex-hook-wrapper.js` creates wrappers only during explicit migration and runs the selected existing hook.
- `dist/memory/validate.js` dynamically loads a project-local validator only during memory validation; it does not fetch or drop a payload.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/memory/validate.jsView on unpkg · L4Package ships high-entropy non-source blobs.
dist/orchviz-web/fira-code-greek-500-normal.woff2View on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/migrate/providers/codex/capabilities.jsView on unpkg