AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface found. Risky primitives are aligned with a developer security/automation CLI and are gated by explicit user commands or local configuration.
Decision evidence
public snapshot- package.json has no install/postinstall hook; prepublishOnly is publish-time build only.
- dist/cli.js only runs main() when invoked as CLI, not on import.
- dist/agent-config.js writes managed kit guidance/allow rules during user-invoked setup/agent-config; install-gate is opt-in via --install-gate.
- dist/plugin-loader.js validates npm package names and imports only from project node_modules.
- dist/plugins.js npm install is a user-invoked plugin install path using fixed argv via execFile wrapper.
- dist/memory/remote-sync.js sync is opt-in from ~/.kit/sync.toml, encrypts payloads, and rejects git option/ext/fd remote helpers.
Source & flagged code
9 flagged · loading sourcePackage source references child process execution.
dist/post-pull-audit.jsView on unpkg · L24Package source references a known benign dynamic code generation pattern.
dist/triage-sandbox.jsView on unpkg · L75Package source references dynamic require/import behavior.
dist/plugin-loader.jsView on unpkg · L75Package source references weak cryptographic algorithms.
dist/elevation.jsView on unpkg · L29Source writes installer persistence such as shell profile or service configuration.
dist/cli.jsView on unpkg · L18Package source invokes a package manager install command at runtime.
dist/plugins.jsView on unpkg · L223Package ships non-JavaScript build or shell helper files.
skills/triage/scripts/triage.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/audit-anchor.jsView on unpkg