AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package has broad user-invoked browser automation, plugin, and local proxy capabilities, but inspected install/runtime paths match the OpenCLI tool purpose.
Decision evidence
public snapshot- package.json has postinstall/preuninstall lifecycle scripts.
- scripts/postinstall.js writes shell completions and ~/.opencli/spotify.env template on global install.
- scripts/fetch-adapters.js can delete stale files under ~/.opencli/clis and legacy ~/.opencli shims on global/explicit run.
- clis/antigravity/serve.js exposes a localhost Anthropic-compatible proxy to drive Antigravity via CDP when user runs opencli antigravity serve.
- dist/src/plugin.js can clone git repos and run npm install for plugins, but only from explicit plugin commands.
- No install-time credential harvesting or outbound exfiltration found in inspected lifecycle scripts.
- Lifecycle file writes are scoped to shell completion paths and ~/.opencli state, with CI and non-global install skips.
- dist/src/update-check.js only performs background version checks to registry.npmjs.org and api.github.com during CLI runtime.
- dist/src/external.js blocks shell metacharacters in auto-install commands and executes registered external CLIs only on user command.
- Dynamic imports in dist/src/discovery.js load built-in/user adapters/plugins as part of the advertised extensible CLI behavior.
- Network endpoints in clis/* are site-aligned adapters for user-invoked website automation.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/src/browser/article-extract.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L1Package source references weak cryptographic algorithms.
clis/flomo/memos.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/browser/managed-chrome.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/launcher.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/check-doc-coverage.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/src/cli.jsView on unpkg