AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are tied to explicit CLI operations for PR review, provider checks, license activation, ZCode execution, and launchd daemon control, not install-time execution.
Decision evidence
public snapshot- package.json defines bin dist/src/cli.js and scripts only; no preinstall/install/postinstall lifecycle hooks.
- dist/src/cli.js requires explicit commands; init writes a chosen JSON config path and daemon start/stop defaults to dry-run.
- dist/src/cli.js live launchctl mutation requires --dry-run false and --confirm true; external plist also requires --allow-external-plist true.
- dist/src/config.js and dist/src/providers.js reject private/link-local/cloud metadata provider hosts rather than fetching them.
- dist/src/github.js uses configured GitHub API base URL with root-relative paths and bearer auth for PR review functionality.
- dist/src/zcode.js temporarily writes .zcode/config.json to restrict tools, then restores/removes it after the invoked user review command.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/cli.jsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/src/cli.jsView on unpkg · L1Source reaches cloud instance metadata or link-local credential endpoints.
dist/src/config.jsView on unpkg · L1