AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a scaffolding CLI that writes app modules, skill docs, AGENTS.md, env templates, and can run dependency installation only after user-invoked commands.
Decision evidence
public snapshot- dist/index.js user-invoked add/init writes project files and AGENTS.md, copies skills, and may run pnpm/npm install.
- fastkit.settings.json contains embedded license account credentials used for local CLI authorization.
- registry/modules/ai-chat/files/server/lib/ai/tools.ts includes an http_get tool that can fetch public HTTPS URLs.
- package.json has no lifecycle scripts; bin points only to dist/index.js CLI.
- dist/index.js requires explicit login plus init/add commands before filesystem writes or installs occur.
- Network endpoints found are package-aligned: Stripe, Flitt, Resend, Google OAuth, OpenAI, Anthropic, and user-supplied public HTTPS for ai-chat.
- registry/modules/auth/files/server/routes/auth.ts sends emails to app users and verifies Google tokens; no credential/env exfiltration to attacker endpoint found.
- AGENTS.md and skills writes are disclosed scaffolding behavior for the CLI, not install-time or import-time mutation.
- No obfuscated payload, persistence, destructive behavior, dependency confusion, or lifecycle execution found.
Source & flagged code
4 flagged · loading sourcePackage source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L6620Package source references weak cryptographic algorithms.
registry/modules/billing-flitt/files/server/lib/billing/flitt.tsView on unpkg · L8Source appears to send environment or credential material to an external endpoint.
registry/modules/auth/files/server/routes/auth.tsView on unpkg · L32