AI Security Review
scanned 10h ago · by lpm-firewall-aiThe explicit self-hosted runner and tunnel commands let the service reach private/local HTTP targets through a token-authenticated client. This is a package-aligned but high-impact remote-control capability; no install-time attack is present.
Decision evidence
public snapshot- `lib/runner.mjs` accepts cloud-supplied job URLs and fetches them from the runner's private network.
- `lib/tunnel.mjs` relays full local HTTP responses through an outbound cloud tunnel.
- `bin/aegis.mjs` can execute a user-supplied dev command and install an opt-in Git pre-push hook.
- Runner reports target metadata, titles, server headers, and broken-link URLs to the API.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- All network and execution paths require an explicit CLI command and an AEGIS token.
- No credential harvesting beyond documented AEGIS token/password inputs was found.
- No eval, native/binary loading, stealth persistence, or destructive behavior was found.
- Hook changes are explicit `aegis hooks install` actions and preserve/restore an existing hook.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/aegis.mjsView on unpkgSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
bin/aegis.mjsView on unpkg · L509Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/aegis.mjsView on unpkg · L9