AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky primitives are lifecycle home-directory setup, local cleanup, browser automation, dynamic adapter loading, and user-invoked service API calls that align with an extensible browser CLI.
Decision evidence
public snapshot- package.json has postinstall and preuninstall lifecycle scripts.
- scripts/postinstall.js writes completion files and ~/.opencli/spotify.env on global install.
- scripts/fetch-adapters.js can remove stale ~/.opencli/clis overrides and legacy shim files on global/explicit install.
- No install-time credential harvesting or outbound exfiltration found in scripts/postinstall.js or scripts/fetch-adapters.js.
- preuninstall only POSTs to http://127.0.0.1:19825/shutdown with a local OpenCLI header.
- dist/src/external.js executes user/configured external CLIs after parsing install commands to reject shell operators.
- dist/src/discovery.js dynamically imports adapter/plugin JS from package and ~/.opencli as the product extension mechanism.
- dist/src/update-check.js only fetches npm/GitHub update metadata and caches it under ~/.opencli.
- clis/flomo/memos.js sends a browser-session token only to Flomo API for a user-invoked Flomo command.
Source & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/src/browser/article-extract.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L1Package source references weak cryptographic algorithms.
clis/flomo/memos.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/browser/managed-chrome.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/launcher.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/check-doc-coverage.shView on unpkg