AI Security Review
scanned 9h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked AI usage dashboard that reads local usage/auth state and calls provider APIs for billing/quota data.
Decision evidence
public snapshot- Reads local AI-tool credentials to query quota/billing APIs at runtime
- Uses child_process for daemon spawn, browser open, macOS keychain, and locating Gemini/npm
- Writes package-owned config/cache/daemon files under tokmon dirs
- package.json has no preinstall/install/postinstall lifecycle hooks
- bin dist/cli.js only runs on user invocation and starts TUI/daemon
- Credential-bearing requests go to matching vendor APIs, not attacker-owned endpoints
- README documents reading local provider data and live quota APIs
- No broad AI-agent config mutation, persistence, destructive action, or remote payload loading found
- Font blobs/web assets appear package UI assets, not executed payloads
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/chunk-AQNFQRWV.jsView on unpkg · L17A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/chunk-AQNFQRWV.jsView on unpkg · L17Package ships high-entropy non-source blobs.
dist/web/assets/jetbrains-mono-latin-ext-400-normal-fXTG6kC5.woffView on unpkg