AI Security Review
scanned 30m ago · by lpm-firewall-ai
No confirmed malicious attack surface from static source inspection. The package is a user-invoked E2EE secret-manager CLI with expected network, keyring, MCP, and command-runner features.
Decision evidence
public snapshot
- package.json has no lifecycle scripts; bin/main is user-invoked src/index.ts.
- src/lib/oidc-flow.ts child_process use only opens a browser for OIDC PKCE, not reverse shell/socket piping.
- src/commands/run.ts spawns only the user-supplied command after explicit `athsra run ... -- <cmd>`.
- src/commands/mcp.ts install is user-invoked, dry-run by default, and requires --apply to write MCP config.
- MCP write/admin/value tools are gated by ATHSRA_MCP_WRITE, ATHSRA_MCP_ADMIN, or ATHSRA_MCP_READ_VALUES.
- src/lib/config.ts restricts worker URLs to https or localhost before token use.
Source & flagged code
5 flagged
- Source matches reverse-shell style process and socket wiring. (src/lib/oidc-flow.ts · L5)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (src/lib/oidc-flow.ts · L5)
- Package source references child process execution. (src/lib/oidc-flow.ts · L10)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (src/commands/login.ts · L82)