AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is an AI-harness lint/test CLI that can modify project config and agent hook files only through explicit vigiles commands or plugin installation flows.
Decision evidence
public snapshot- dist/cli.js can write project instruction files, .vigiles files, package.json, .codex/config.toml, and hook settings when user runs CLI commands.
- dist/setup-plan.js plans user-invoked global Claude plugin install commands and Codex hook wiring.
- hooks/*.sh run npx vigiles commands when installed as agent hooks.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- dist/core/spec.js main export is builder functions only; no import-time network, shell, or file mutation observed.
- CLI mutations are command-driven setup/compile/lint/test behavior aligned with an AI-harness lint/test tool.
- Network references are localhost mock/audit servers, GitHub metadata, example test URLs, and user-invoked npx/claude/gh commands; no credential exfiltration endpoint found.
- Shell/child_process usage is for linters, harness tests, local Claude/Codex drivers, MCP verification, and explicit setup actions.
- Shipped .claude-plugin/hooks are transparent lint/compile nudges, not lifecycle-installed automatically by npm.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/dialect-drift.jsView on unpkg · L47Package source references dynamic require/import behavior.
dist/eval-baseline.jsView on unpkg · L26This package version adds a dangerous source file absent from the previous stored version.
dist/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L122Package ships non-JavaScript build or shell helper files.
hooks/post-edit.shView on unpkg