AI Security Review
scanned 23h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a secret-manager CLI with user-invoked MCP registration and opt-in agent tools, but no lifecycle or import-time mutation.
Decision evidence
public snapshot
- src/commands/mcp.ts has user-invoked `athsra mcp install --apply` that can write Claude/Cursor/VSCode MCP config files.
- src/lib/mcp-register.ts supports user-scope targets `~/.claude.json` and `~/.cursor/mcp.json`.
- MCP server exposes secret-manager tools; write/admin/value capabilities are gated by ATHSRA_MCP_* env flags.
- package.json has no install/preinstall/postinstall lifecycle scripts.
- src/index.ts only dispatches CLI commands after user invocation; mcp is lazy-loaded only for `athsra mcp`.
- src/lib/oidc-flow.ts child_process use opens a browser for OIDC login; loopback server binds 127.0.0.1 and validates state.
- Network endpoints are package-aligned: modfolio/athsra auth, worker, npm update check, and Cloudflare API for adoption.
- No evidence of credential harvesting/exfiltration beyond documented secret-manager login/keyring/token workflows.
- No prompt injection or unconsented foreign AI-agent config mutation found at install/import time.
Source & flagged code
5 flagged
- Source matches reverse-shell style process and socket wiring. (src/lib/oidc-flow.ts, L5)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (src/lib/oidc-flow.ts, L5)
- Package source references child process execution. (src/lib/oidc-flow.ts, L10)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (src/commands/login.ts, L82)