AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package has install-time first-party OpenCLI setup and cleanup in the user's home directory, which is agent/platform extension lifecycle risk but not foreign control-surface hijack.
Decision evidence
public snapshot- package.json defines postinstall, preuninstall, prepare, and prepublishOnly lifecycle scripts.
- scripts/postinstall.js writes shell completion files and ~/.opencli/spotify.env on global installs.
- scripts/fetch-adapters.js can remove stale overrides under ~/.opencli/clis and legacy ~/.opencli shim files.
- dist/src/main.js creates ~/.opencli compatibility shims and loads user adapters/plugins from ~/.opencli on CLI startup.
- postinstall exits unless npm_config_global=true and skips CI.
- scripts/fetch-adapters.js states no network calls and only hashes packaged clis/ files before first-party ~/.opencli cleanup.
- No lifecycle writes to foreign AI-agent surfaces such as CLAUDE.md, .mcp.json, Codex/Cursor settings, or shell rc files were found.
- Network and browser actions are implemented as user-invoked site adapters, often requiring browser session/auth or explicit --execute for publishing.
- clis/segmentfault/article.js mutates XMLHttpRequest only inside page evaluation to reuse SegmentFault signing and posts to segmentfault.com.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/src/browser/article-extract.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L1Package source references weak cryptographic algorithms.
clis/flomo/memos.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/browser/managed-chrome.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/launcher.jsView on unpkg · L1Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.
clis/segmentfault/article.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/check-doc-coverage.shView on unpkg