AI Security Review
scanned 2h ago · by lpm-firewall-aiThe package is an agent runtime with host command and PTY execution capabilities. These activate only after a consumer creates and exposes a gateway; source inspection found no install-time execution or covert payload chain.
Decision evidence
public snapshot- `dist/index.mjs` exposes MCP tools that can spawn host commands and PTY sessions.
- `command_execute` captures command stdout/stderr for remote-agent tool responses.
- `createGateway` can expose runtime services and optional tunnel integrations.
- Dynamic imports load local Node modules/binaries, not downloaded code.
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- Process execution is runtime-invoked, allowlisted by workspace config, workspace-cwd constrained, and uses `shell:false`.
- Mutating `/sessions/*` routes require a bearer token or allowed origin in `dist/index.mjs`.
- No `eval`, `Function`, `vm`, remote-code import, or fetched-payload execution was found.
- Base64 handling is terminal/browser data transport, not payload execution.
Source & flagged code
7 flagged · loading sourceSource executes local commands and sends command output to an external endpoint.
dist/index.mjsView on unpkg · L6Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/index.mjsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.mjsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.mjsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.mjsView on unpkg · L16394Package source references dynamic require/import behavior.
dist/index.mjsView on unpkg · L1215