AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No concrete supply-chain malware was found, but the package intentionally provides a powerful user-invoked AI agent runtime. It can expose shell, filesystem, plugin, MCP, and messaging capabilities to configured backends.
Decision evidence
public snapshot- src/core/engine/gateway-actions/native.ts exposes runtime AI tools for bash/read/write/edit/search, including local spawn("bash", ["-c", cmd]) and file writes.
- src/backend/codex/mcp-config.ts sets Talon MCP servers default_tools_approval_mode to "approve" for Codex backend.
- src/core/plugin/loader.ts dynamically imports user-configured plugin paths and applies plugin-provided env vars.
- README.md describes the package as an agent harness with full MCP tool access, background agents, triggers, and plugins.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- bin/talon.js only imports tsx then src/cli.ts; execution requires the user invoking the talon CLI.
- src/cli/setup.ts is an explicit interactive setup that writes Talon config from user-supplied values.
- src/backend/codex/mcp-config.ts uses per-process Codex config overrides, not writes to ~/.codex/config.toml.
- src/frontend/discord/formatting.ts Unicode is used in text/mention formatting, not hidden control-flow logic.
- Network hosts observed are product-aligned: Telegram, Discord, Microsoft Graph, OpenAI/Codex, OpenRouter, local 127.0.0.1 bridges.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
src/core/plugin/registry.tsView on unpkg · L118Package source references weak cryptographic algorithms.
src/core/soul/embedder.tsView on unpkg · L111Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
bin/talon.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/frontend/discord/formatting.tsView on unpkg · L74This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/core/engine/gateway-actions/native.tsView on unpkg