AI Security Review
scanned 22h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Network, keyring, child_process, and MCP behavior are package-aligned secret-manager features activated by explicit CLI/MCP use, not install-time or import-time execution.
Decision evidence
public snapshot
- package.json has no install/preinstall/postinstall lifecycle hooks; bin is user-invoked src/index.ts
- src/lib/oidc-flow.ts uses loopback HTTP callback plus browser opener for OIDC PKCE, not reverse-shell socket piping
- src/commands/mcp.ts install is explicit, dry-run by default, and requires --apply before writing MCP client config
- MCP write/admin/value tools are gated by ATHSRA_MCP_WRITE, ATHSRA_MCP_ADMIN, or ATHSRA_MCP_READ_VALUES
- src/commands/run.ts and src/lib/mcp-tools/run.ts execute user-supplied commands to inject package-managed secrets, with reserved env key blocking
- src/lib/config.ts rejects non-HTTPS worker URLs except localhost before sending bearer tokens
Source & flagged code
5 flagged
- Source matches reverse-shell style process and socket wiring.
  src/lib/oidc-flow.ts · L5
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
  src/lib/oidc-flow.ts · L5
- Package source references child process execution.
  src/lib/oidc-flow.ts · L10
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
  src/commands/login.ts · L82