AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No malicious install-time attack surface is established. The package is a user-invoked AI agent CLI with runtime MCP/plugin execution and Codex auto-approval of Talon-owned MCP tools, which is package-aligned but security-sensitive.
Decision evidence
public snapshot- src/backend/codex/mcp-config.ts sets Talon MCP servers default_tools_approval_mode to approve for Codex runtime.
- src/core/plugin/loader.ts dynamically imports user-configured plugin paths and applies plugin env vars.
- src/util/mcp-launcher.ts spawns configured MCP child commands under a supervisor.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- bin/talon.js only bootstraps tsx and src/cli.ts for user-invoked CLI use.
- src/cli/setup.ts explicitly prompts before saving service tokens/config via src/cli/config.ts.
- src/frontend/discord/formatting.ts Unicode is zero-width mention suppression, not hidden control flow.
- No source evidence of credential harvesting, exfiltration, destructive install behavior, or broad unconsented agent config mutation.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
src/core/plugin/registry.tsView on unpkg · L118Package source references weak cryptographic algorithms.
src/core/soul/embedder.tsView on unpkg · L111Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
bin/talon.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/frontend/discord/formatting.tsView on unpkg · L74