AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Explicit CLI/MCP build operations read supplied project inputs and write TypeGlish artifacts under the project-local .typeglish directory.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `typeglish build`, invokes its MCP build tool, or explicitly configures and calls `typeglish claude-hook`.
Impact
No unconsented install-time mutation, persistence, network communication, credential harvesting, or remote code execution established.
Mechanism
Local prompt compilation, artifact generation, and optional stdin-based hook evaluation.
Rationale
Static inspection shows a package-aligned local compiler/MCP tool, with file writes reachable only through explicit build actions. Scanner flags are explained by bundled dependencies, local dynamic imports, and Unicode-lint regexes rather than an attack chain.
Evidence
package.jsondist/cli.jsdist/mcp.jsdist/chunk-3NQ3VYO6.jsdist/chunk-KRYC4OTL.js.typeglish/dist/<name>.txt.typeglish/dist/<name>.agent.json.typeglish/build-manifest.json.typeglish/deploy-gate.json
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall hook; prepare only runs husky.
- dist/cli.js gates Claude behavior only through explicit `claude-hook` invocation.
- dist/cli.js writes only user-requested build artifacts and .typeglish manifest files.
- No package-authored network, shell, credential-exfiltration, or remote-payload path found.
- The reported invisible Unicode in dist/chunk-KRYC4OTL.js is deliberate lint detection regex data.
- Dynamic import loads local MCP/spell/Z3 modules or declared optional peers.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/chunk-KRYC4OTL.jsView file
246contains invisible/control Unicode U+200D (zero width joiner)
re: /(?![©®™])\p{Extended_Pictographic}(?:️)?(?:<U+200D>(?![©®™])\p{Extended_Pictographic}(?:️)?)*/gu,
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/chunk-KRYC4OTL.jsView on unpkg · L246•Trigger-reachable chain: manifest.main -> dist/index.js -> dist/chunk-KRYC4OTL.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/chunk-KRYC4OTL.jsView on unpkgFindings
2 Critical3 Medium6 Low
CriticalTrojan Source Unicodedist/chunk-KRYC4OTL.js
CriticalTrigger Reachable Dangerous Capabilitydist/chunk-KRYC4OTL.js
MediumDynamic Require
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings