AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established by static inspection. The package is a coding-agent CLI/TUI with user-invoked provider/network access and local command/tool capabilities.
Decision evidence
public snapshot- package.json exposes CLI bin src/cli.mjs and no npm install/postinstall lifecycle hook.
- src/runtime/channels/lib/whisper-server.mjs runs a local HTTP server and can execute configured local shell commands from a user config mapping.
- src/standalone/channel-worker.mjs is an agent worker entrypoint with model/provider orchestration, not install-time persistence.
- No lifecycle hook writes Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces at install time.
- Network use is package-aligned for an agent CLI: model providers, local channel server, and optional runtime fetching are user/runtime invoked.
- Secret-looking strings in scripts/compact-smoke.mjs are test fixtures asserting redaction behavior, not harvested credentials.
- Trojan-source hint in src/runtime/channels/lib/format.mjs appears to be Unicode formatting/symbol handling for terminal output, not hidden control flow.
- child_process and shell use are in CLI/runtime tools or smoke/bench scripts, not automatic install/import execution.
Source & flagged code
12 flagged · loading sourcePackage contains a possible secret pattern.
scripts/compact-smoke.mjsView on unpkg · L388Package source references child process execution.
scripts/smoke-loop.mjsView on unpkg · L2Package source references dynamic require/import behavior.
scripts/ingest-pure-conversation-smoke.mjsView on unpkg · L12Package source references weak cryptographic algorithms.
src/standalone/plugin-admin.mjsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
src/runtime/agent/orchestrator/tools/shell-snapshot.mjsView on unpkg · L13A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/runtime/channels/lib/whisper-server.mjsView on unpkg · L35Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/runtime/memory/lib/runtime-fetcher.mjsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/runtime/channels/lib/format.mjsView on unpkg · L129Package ships non-JavaScript build or shell helper files.
scripts/build-runtime-linux.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/standalone/channel-worker.mjsView on unpkgHardcoded password in scripts/session-ingest-smoke.mjs
scripts/session-ingest-smoke.mjsView on unpkg · L59