AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a user-invoked AI coding-agent CLI with expected provider, local helper, MCP, and shell/tool capabilities.
Decision evidence
public snapshot- package.json exposes a user-invoked CLI bin at src/cli.mjs for an AI coding-agent workspace
- src/runtime/memory/lib/runtime-fetcher.mjs can download native runtime assets from GitHub and extract them after SHA-256 validation
- src/runtime/channels/lib/whisper-server.mjs spawns a local whisper-server helper and posts WAV data to 127.0.0.1
- src/runtime/shared/update-checker.mjs can check npm and run npm install -g mixdog@latest when invoked
- src/mixdog-session-runtime.mjs supports project .mixdog skills and MCP config changes through runtime tool/admin actions
- package.json has no install/postinstall/prepare lifecycle hook; prepack is publish-time only
- src/cli.mjs only imports app.mjs and calls run() when the CLI is executed
- No install-time writes to CLAUDE.md, .claude, .mcp.json, Codex/Cursor settings, or global agent control surfaces were found
- Runtime downloads in runtime-fetcher validate manifest assets by sha256 and reject unsafe tar paths
- scripts/compact-smoke.mjs secret strings are test fixtures for redaction assertions
- src/runtime/channels/lib/format.mjs contains formatting helpers; no hidden control-flow or payload behavior was found
Source & flagged code
11 flagged · loading sourcePackage contains a possible secret pattern.
scripts/compact-smoke.mjsView on unpkg · L388Package source references child process execution.
scripts/smoke-loop.mjsView on unpkg · L2Package source references dynamic require/import behavior.
scripts/ingest-pure-conversation-smoke.mjsView on unpkg · L12Package source references weak cryptographic algorithms.
src/standalone/plugin-admin.mjsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
src/runtime/agent/orchestrator/tools/shell-snapshot.mjsView on unpkg · L13A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/runtime/channels/lib/whisper-server.mjsView on unpkg · L35Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/runtime/memory/lib/runtime-fetcher.mjsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/runtime/channels/lib/format.mjsView on unpkg · L129Package ships non-JavaScript build or shell helper files.
scripts/build-runtime-linux.shView on unpkgHardcoded password in scripts/session-ingest-smoke.mjs
scripts/session-ingest-smoke.mjsView on unpkg · L59