AI Security Review
scanned 23h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an OpenCLI browser/site automation platform with lifecycle setup in shell completion and ~/.opencli namespaces. This creates platform extension lifecycle risk, but source inspection did not show unconsented foreign AI-agent hijack or malware behavior.
Decision evidence
public snapshot- package.json postinstall runs scripts/postinstall.js and scripts/fetch-adapters.js.
- scripts/postinstall.js writes shell completions and ~/.opencli/spotify.env on global install.
- scripts/fetch-adapters.js can remove stale overrides and write ~/.opencli/adapter-manifest.json on global/explicit first-run paths.
- dist/src/discovery.js creates ~/.opencli runtime/package symlink and loads user adapters/plugins from ~/.opencli.
- dist/src/plugin.js supports user-invoked git/local plugin install with npm install and transpilation.
- Lifecycle writes are guarded by global install/OPENCLI_FETCH/_OPENCLI_FIRST_RUN and target OpenCLI-owned paths, not foreign AI-agent surfaces.
- No install-time credential harvesting or outbound exfiltration found; adapter network calls are user-invoked site commands.
- preuninstall only POSTs localhost shutdown to 127.0.0.1:19825.
- No evidence of CLAUDE/Codex/Cursor/MCP config planting or permission bypass in lifecycle scripts.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/src/browser/article-extract.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L1Package source references weak cryptographic algorithms.
clis/flomo/memos.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/browser/managed-chrome.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/launcher.jsView on unpkg · L1Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.
clis/segmentfault/article.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/check-doc-coverage.shView on unpkg