AI Security Review
scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a local Claude Code terminal/GUI, so PTY spawning, localhost networking, and plugin loading are expected runtime capabilities rather than hidden install/import behavior.
Decision evidence
public snapshot

- postinstall runs server/fix-pty-perms.js and chmods the node-pty spawn-helper files
- Runtime launches claude and user shell PTYs via bin/mulmoterminal.js and server/index.ts
- Server exposes local browser/MCP endpoints that can spawn Claude sessions and plugin tools
- postinstall only resolves node-pty/prebuilds and chmods existing spawn-helper; no network or dropped payload
- bin/update-check.js only fetches latest-version metadata from the registry; the check is best-effort and can be opted out of
- Child process use is package-aligned: launcher checks claude, starts server, opens localhost UI, and PTYs implement terminal features
- WebSocket/local action routes validate localhost origins and session IDs; shell command PTY is user-driven
- Dynamic imports are limited to configured plugin package names, and the local plugins/plugins.json contains no arbitrary paths
Source & flagged code
10 flagged

- Package defines install-time lifecycle scripts.
  package.json
- Package source references child process execution.
  bin/mulmoterminal.js, line 7
- Manifest entrypoint contains risky behavior absent from dist/build output.
  bin/mulmoterminal.js, line 7
- A single source file combines environment access, network access, and code or shell execution; review context before blocking.
  bin/mulmoterminal.js, line 193
- Package source references dynamic require/import behavior.
  server/plugins-registry.ts, line 65
- Package source references weak cryptographic algorithms.
  server/worktrees.ts, line 6
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
  dist/assets/mermaid-parser.core-DC7NPJ_M-gJ-cjH2L.js, line 46
- Package ships high-entropy non-source blobs.
  dist/assets/material-symbols-outlined-DKJDg2oJ.woff2
- Package contains source files above the static scanner size ceiling.
  dist/assets/index-BQm57UKf.js
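The bidi/invisible-Unicode flag on the minified mermaid parser bundle needs context to judge: a raw control character in a lexer's string or regex tables reads differently from one opened inside a comment and never closed, which is the Trojan Source shape. As an added example, not code from the package or from the scanner, a checker that lists each hit with its line, column and lexical context and reports bidi embeddings, overrides and isolates left open at end of line; the sample source is constructed and all names are assumptions:

```javascript
// Added example, not code from the package under review or from the scanner:
// a checker for the "bidi control or invisible Unicode" flag. It lists every
// hit with line, column and lexical context, and reports embeddings, overrides
// and isolates still open at end of line, the Trojan Source shape (a control
// opened inside a comment or string that reorders how the code displays).
// The sample source at the bottom is constructed; all names are assumptions.
const OPENERS = new Map([
  [0x202a, "LRE"], [0x202b, "RLE"], [0x202d, "LRO"], [0x202e, "RLO"], // closed by PDF
  [0x2066, "LRI"], [0x2067, "RLI"], [0x2068, "FSI"],                   // closed by PDI
]);
const CLOSERS = new Map([[0x202c, "PDF"], [0x2069, "PDI"]]);
const MARKS = new Map([[0x200e, "LRM"], [0x200f, "RLM"], [0x061c, "ALM"]]);
const INVISIBLE = new Map([
  [0x200b, "ZWSP"], [0x200c, "ZWNJ"], [0x200d, "ZWJ"], [0x2060, "WJ"],
  [0xfeff, "ZWNBSP"], [0x00ad, "SHY"], [0x034f, "CGJ"], [0x180e, "MVS"],
]);
const nameOf = (cp) => OPENERS.get(cp) || CLOSERS.get(cp) || MARKS.get(cp) || INVISIBLE.get(cp) || null;

// After these, a "/" in code starts a regex literal rather than a division
// (a heuristic, used only to label the context of a hit in minified bundles).
const REGEX_PRECEDERS = new Set("(,=:[!&|?{};+-*%<>~^");

function scanForHiddenUnicode(source) {
  const hits = [], unpaired = [];
  let state = "code"; // code | sq | dq | tpl | regex | line-comment | block-comment
  let escaped = false, inClass = false, prev = "", line = 1, col = 0;
  let open = []; // bidi contexts opened on the current line, closed by PDF or PDI
  const endLine = () => { for (const o of open) unpaired.push({ line, ...o }); open = []; };

  for (let i = 0; i < source.length; i++) {
    const ch = source[i], next = source[i + 1], cp = source.charCodeAt(i);
    col++;
    if (ch === "\n") { endLine(); line++; col = 0; escaped = false; if (state === "line-comment") state = "code"; continue; }

    const name = nameOf(cp);
    if (name && !(cp === 0xfeff && i === 0)) { // a leading BOM is ordinary
      const kind = INVISIBLE.has(cp) ? "invisible" : "bidi";
      hits.push({ line, col, codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"), name, kind, context: state });
      if (OPENERS.has(cp)) open.push({ name, col, closer: cp >= 0x2066 ? "PDI" : "PDF" });
      else if (name === "PDF" && open.length && open[open.length - 1].closer === "PDF") open.pop();
      else if (name === "PDI") { const k = open.map((o) => o.closer).lastIndexOf("PDI"); if (k !== -1) open.length = k; }
    }

    switch (state) {
      case "code":
        if (ch === "'") state = "sq";
        else if (ch === '"') state = "dq";
        else if (ch === "`") state = "tpl";
        else if (ch === "/" && next === "/") { state = "line-comment"; i++; col++; }
        else if (ch === "/" && next === "*") { state = "block-comment"; i++; col++; }
        else if (ch === "/" && (prev === "" || REGEX_PRECEDERS.has(prev))) { state = "regex"; inClass = false; }
        if (!/\s/.test(ch)) prev = ch;
        break;
      case "sq": case "dq": case "tpl": {
        const quote = state === "sq" ? "'" : state === "dq" ? '"' : "`";
        if (escaped) escaped = false;
        else if (ch === "\\") escaped = true;
        else if (ch === quote) { state = "code"; prev = quote; }
        break;
      }
      case "regex":
        if (escaped) escaped = false;
        else if (ch === "\\") escaped = true;
        else if (ch === "[") inClass = true;
        else if (ch === "]") inClass = false;
        else if (ch === "/" && !inClass) { state = "code"; prev = "/"; }
        break;
      case "block-comment":
        if (ch === "*" && next === "/") { state = "code"; i++; col++; }
        break;
      default: break; // line-comment runs to the newline
    }
  }
  endLine();
  return { hits, unpaired };
}

// Constructed sample: line 2 is a Trojan Source style comment (RLO opened,
// never closed), line 3 uses escape sequences (plain ASCII, not flagged),
// line 4 has a raw zero-width space inside a string literal.
const SAMPLE = [
  "const level = user.level;",
  "/* \u202E } \u2066if (isAdmin)\u2069 \u2066 begin admins only */",
  "const table = '\\u202E\\u202C';",
  "const sep = '\u200B';",
  "return level;",
].join("\n");

function summarize(source) {
  const { hits, unpaired } = scanForHiddenUnicode(source);
  return {
    total: hits.length,
    bidi: hits.filter((h) => h.kind === "bidi").length,
    unpaired: unpaired.map((u) => `${u.name} opened at ${u.line}:${u.col} never closed`),
  };
}
```

Run it over the flagged bundle by reading the file and calling summarize on its contents. A hit whose override or isolate is closed on the same line, or whose code point sits in a string or regex table, is still worth a look, but an opener left unpaired inside a comment or string is the pattern to treat as hostile; escaped forms such as \u202E are ordinary text and are not reported.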