AI Security Review
scanned 2h ago · by lpm-firewall-aiRunning the `mocode` CLI enables an LLM-driven coding agent with shell, filesystem, and network capabilities. On startup, its self-updater may asynchronously install a newer global version of the same package.
Decision evidence
public snapshot- `dist/updater/index.js` auto-checks on CLI startup and can detach `npm install -g mocode-ai@latest`.
- `dist/tools/builtins/run-command.js` exposes arbitrary shell execution to the coding agent.
- `dist/tools/builtins/index.js` registers file-write, web, and command tools.
- `package.json` has only a `prepare` build hook; no preinstall/install/postinstall hook.
- The updater targets the package's own name and npm registry, not unrelated software or agent configuration.
- No inspected source showed credential harvesting, hidden exfiltration, remote payload execution, or destructive install-time behavior.
- `dist/pet/bridge.js` connects only to a loopback WebSocket and its optional pet process is user-invoked.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/ui/clipboard.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/attachments/image.jsView on unpkg · L58Package source invokes a package manager install command at runtime.
dist/pet/bridge.jsView on unpkg · L120This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/tools/builtins/run-command.jsView on unpkg