AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface was found. The package is a powerful AI/sysadmin CLI with command, file, SSH, and network capabilities, but these are package-aligned and activated by explicit user CLI sessions.
Decision evidence
public snapshot
- src/agent/react-loop.js implements an AI-agent loop that can dispatch local command, file, SSH, browser, and web-search tools.
- src/tools/local.js contains shell execution and file write/delete primitives reachable during explicit agent sessions.
- src/agent/react-loop.js posts prompts/history and metadata to configured server /stream in non-local mode.
- package.json has no install/preinstall/postinstall lifecycle hooks; activation is via explicit CLI commands.
- src/index.js is a CLI dispatcher with no hidden import-time payload beyond update-notifier.
- src/services/ssh.js uses user/device-supplied SSH credentials for ssh2 connections; no hardcoded secret or exfiltration sink found.
- README.md advertises command execution, file operations, SSH/network management, provider configuration, and local/server modes.
- src/agent/loop/tool-executor.js applies confirmation gates for non-coding write/dangerous actions and makes subagents read-only.
- find/rg inspection found no hidden dotfile payloads, obfuscation, AGENTS/Codex control-surface writes, or reviewer prompt injection.
Source & flagged code
7 flagged
- Package contains a critical-looking secret pattern: src/services/ssh.js, line 19.
- This package version adds a dangerous source file absent from the previous stored version: src/agent/react-loop.js.
- Hardcoded password in src/ui/components/ConfirmationDialog.js: src/ui/components/ConfirmationDialog.js, line 41.
- Hardcoded password in src/agent/loop/tool-executor.js: src/agent/loop/tool-executor.js, line 243.