AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface is established. The package is a user-invoked AI/sysadmin CLI with powerful but package-aligned local, SSH, file, and network capabilities.
Decision evidence
public snapshot
- AI-agent CLI exposes user-invoked local command, file write/delete, SSH exec, browser/search, and websocket tools.
- Default service endpoint is wss://OLOJEDE-osai-agent-server.hf.space; some commands also default to https://agent.osai.dev.
- package.json has no install/preinstall/postinstall lifecycle hooks; entrypoint is CLI bin src/index.js.
- src/services/ssh.js only validates and uses caller-supplied SSH credentials; no embedded private key or secret found.
- src/tools/local.js filters child-process environment to safe keys and applies command safety checks/timeouts.
- src/safety/check.js and src/agent/loop/tool-executor.js require confirmation for writes/dangerous actions outside coding auto-approval modes.
- Network and LLM endpoints in src/llm/direct.js, src/services/server-url.js, and auth commands are package-aligned user-configured service/API calls.
- No source evidence of import-time credential harvesting, persistence, hidden payload download, or unconsented AI-agent control-surface mutation.
Source & flagged code
7 flagged
- Package contains a critical-looking secret pattern: src/services/ssh.js, line 19.
- This package version adds a dangerous source file absent from the previous stored version: src/agent/react-loop.js.
- Hardcoded password in src/ui/components/ConfirmationDialog.js, line 41.
- Hardcoded password in src/agent/loop/tool-executor.js, line 243.