AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The risky primitives are tied to an OpenCLI browser/adapter tool: global-install completion setup, local OpenCLI state cleanup, user/plugin discovery, and user-invoked site API calls.
Decision evidence
public snapshot- package.json has postinstall and preuninstall lifecycle hooks.
- scripts/fetch-adapters.js can remove stale files under ~/.opencli/clis and legacy shim files.
- dist/src/discovery.js dynamically imports package/user CLI/plugin modules from clis and ~/.opencli.
- dist/src/launcher.js uses pgrep/pkill/spawn for user-invoked Electron app launch/restart.
- scripts/postinstall.js only runs on global install and writes shell completions plus a Spotify template; no rc-file mutation or exfiltration.
- scripts/fetch-adapters.js states no network calls and only hashes bundled clis to clean stale OpenCLI overrides.
- preuninstall fetches only http://127.0.0.1:19825/shutdown with an OpenCLI header.
- dist/src/external.js parses install commands, rejects shell operators, and executes configured/user-registered external CLIs only when invoked.
- clis/flomo/memos.js sends a browser-derived Flomo token only to flomoapp.com for the requested memos command.
- article-extract.js uses Function to load bundled @mozilla/readability source into page extraction code, aligned with feature behavior.
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/src/browser/article-extract.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L1Package source references weak cryptographic algorithms.
clis/flomo/memos.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/launcher.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/check-doc-coverage.shView on unpkg