AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package has install/runtime filesystem writes, network checks, dynamic plugin loading, and child process use, but they are aligned with a CLI/browser automation tool and are mostly user-invoked or scoped to OpenCLI state.
Decision evidence
public snapshot- postinstall writes user completion files and ~/.opencli/spotify.env on global install
- scripts/fetch-adapters.js can delete stale OpenCLI overrides under ~/.opencli/clis
- runtime imports user plugins/adapters from ~/.opencli and plugin install can clone git repos when invoked
- package.json postinstall is best-effort and gated to completion/setup scripts, not credential harvesting
- scripts/fetch-adapters.js states and implements no network calls; cleanup is scoped to OpenCLI cache/adapter paths
- dist/src/update-check.js only fetches npm/GitHub release metadata and writes ~/.opencli/update-check.json
- dist/src/plugin.js git clone/npm install/esbuild behavior is behind explicit opencli plugin commands
- scanner secret in clis/douyin/_shared/tos-upload-short-read.test.js is AWS example test data
- no AGENTS/CLAUDE/Cursor control-surface files found in package
Source & flagged code
15 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L47AWS access key ID in clis/douyin/_shared/tos-upload-short-read.test.js
clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L47AWS access key ID in clis/douyin/_shared/tos-upload-short-read.test.js
clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L67Package source references a known benign dynamic code generation pattern.
dist/src/weixin-download.test.jsView on unpkg · L22Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L181Package source executes code through a VM context API.
clis/douban/utils.test.jsView on unpkg · L109Package source references weak cryptographic algorithms.
clis/flomo/memos.jsView on unpkg · L76Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7Package ships non-JavaScript build or shell helper files.
scripts/check-doc-coverage.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/src/cli.jsView on unpkgHardcoded password in dist/src/observation/redaction.test.js
dist/src/observation/redaction.test.jsView on unpkg · L28AWS access key ID in clis/douyin/_shared/tos-upload.test.js
clis/douyin/_shared/tos-upload.test.jsView on unpkg · L149AWS access key ID in clis/douyin/_shared/tos-upload.test.js
clis/douyin/_shared/tos-upload.test.jsView on unpkg · L166