AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious payload or install-time attack was found. The main unresolved risk is default-on runtime self-update that can invoke npm global install for this package after CLI start.
Decision evidence
public snapshot- src/session-runtime/runtime-core.mjs schedules boot-time update check and runs update when config.update.auto is not false.
- src/runtime/shared/update-checker.mjs spawns npm install -g mixdog@latest after fetching https://registry.npmjs.org/mixdog/latest.
- src/runtime/memory/lib/runtime-fetcher.mjs can download native runtime archives from GitHub, then verifies bundled sha256 before extraction.
- package.json has no preinstall/install/postinstall lifecycle scripts; bin only points to src/cli.mjs.
- src/runtime/agent/orchestrator/tools/bash-session.mjs is a user-invoked agent shell tool with policy checks and secret-scrubbed environment, not install-time execution.
- src/runtime/channels/lib/whisper-server.mjs manages a local 127.0.0.1 whisper child and fails closed on foreign port/process ownership.
- src/runtime/channels/lib/format.mjs contains zero-width escapes only inside string replacements for code-fence escaping, not control-flow hiding.
- Runtime downloads are package-aligned and hash-verified; no credential harvesting or exfiltration path was confirmed.
Source & flagged code
13 flagged · loading sourcePackage contains a possible secret pattern.
scripts/compact-smoke.mjsView on unpkg · L388Package source references child process execution.
scripts/smoke-loop.mjsView on unpkg · L2Package source references dynamic require/import behavior.
scripts/ingest-pure-conversation-smoke.mjsView on unpkg · L12Package source references weak cryptographic algorithms.
src/standalone/plugin-admin.mjsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
src/runtime/agent/orchestrator/tools/shell-snapshot.mjsView on unpkg · L13A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/runtime/channels/lib/whisper-server.mjsView on unpkg · L35Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/runtime/memory/lib/runtime-fetcher.mjsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/runtime/channels/lib/format.mjsView on unpkg · L129Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
scripts/boot-smoke.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/build-runtime-linux.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/runtime/agent/orchestrator/tools/bash-session.mjsView on unpkgHardcoded password in scripts/session-ingest-smoke.mjs
scripts/session-ingest-smoke.mjsView on unpkg · L59