AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface was found, but the install lifecycle mutates dependency build directories and runs npm rebuild. Runtime network and credential handling match the advertised Slack adapter behavior.
Decision evidence
public snapshot
- package.json postinstall deletes better-sqlite3 build dirs under node_modules and runs npm rebuild better-sqlite3 at install time.
- dist/index.js exposes a --reset-config path that runs `usrcp setup --adapter=slack` via execSync, but only when the user passes the flag.
- dist/setup.js validates user-entered Slack and Anthropic credentials against vendor APIs and opens vendor setup URLs via execSync after a prompt.
- No import-time execution beyond module definitions; dist/index.js main only starts when run as CLI.
- Network use is package-aligned: Slack Socket Mode/API and Anthropic SDK for a Slack bot setup/reply workflow.
- Secrets are read from encrypted adapter config and user prompts; no evidence of credential harvesting or exfiltration to non-vendor endpoints.
- No eval/vm/Function, persistence, hidden downloader, binary loading, or AI-agent control-surface writes found.
- Slack capture/reply logic is gated by configured user_id and allowlisted_channels.
Source & flagged code
6 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. (dist/setup.js · L46)
- Package metadata claims a different repository identity while copied source loads a runtime dependency bridge. (dist/setup.js · L210)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (dist/setup.js#virtual:normalized:round1 · L46)