registry  /  @axhub/acp  /  0.1.7

@axhub/acp@0.1.7

Experimental sibling project for validating an ACP + [assistant-ui](https://github.com/assistant-ui/assistant-ui) migration path.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The application exposes an explicit cc-connect launch capability that configures and starts a local agent-related service. The default CLI starts a web server, not an install-time hook.

Static reason
No blocking static signals were detected.
Trigger
A running ACP UI/API invokes its cc-connect launch flow.
Impact
Can alter `~/.cc-connect/config.toml`, start a local service, and create local bearer-token configuration.
Mechanism
Writes cc-connect configuration, then executes a configured command, local cc-connect, or `npx -y cc-connect`.
Rationale
Source inspection found no concrete malicious chain or npm lifecycle execution. The cc-connect setup/spawn path is a real agent-extension capability and merits a warning rather than a block.
Evidence
package.jsonbin/acp.mjsdist/lib/acp2aisdk/provider-command.mjsdist/lib/cc-connect/launcher.mjs
Network endpoints2
localhost:9820registry.npmjs.org/${encodeURIComponent(packageName)}

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/lib/cc-connect/launcher.mjs` can create and modify `~/.cc-connect/config.toml` and generate access tokens.
  • Its launch flow can invoke `npx -y cc-connect` and start `cc-connect` after runtime activation.
Evidence against
  • `package.json` declares no npm install lifecycle hooks.
  • Observed network calls are localhost control-plane calls and an explicit npm-registry version check; no credential-exfiltration endpoint was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 178 file(s), 1.70 MB of source, external domains: 127.0.0.1, api.example.com, api.openai.com, client.example.com, docs.fal.ai, github.com, react.dev, registry.npmjs.org, www.ifdian.net, www.w3.org

Source & flagged code

5 flagged · loading source
bin/acp.mjsView file
2L3: import { spawn } from "node:child_process"; L4: import { existsSync } from "node:fs";
High
Child Process

Package source references child process execution.

bin/acp.mjsView on unpkg · L2
dist/lib/acp2aisdk/provider-command.mjsView file
3import path from "node:path"; L4: const WINDOWS_COMMAND_PROCESSOR = "cmd.exe"; L5: const POSIX_GUI_PATHS = [
High
Shell

Package source references shell execution.

dist/lib/acp2aisdk/provider-command.mjsView on unpkg · L3
dist/lib/conversations/client-adapter.mjsView file
340if (externalRepo.messages.length === 0) { L341: aui.thread().import({ messages: [] }); L342: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/lib/conversations/client-adapter.mjsView on unpkg · L340
dist/lib/cc-connect/launcher.mjsView file
1var _a; L2: import { execFile, spawn } from "node:child_process"; L3: import { randomBytes } from "node:crypto"; ... L8: const execFileAsync = promisify(execFile); L9: const DEFAULT_CC_CONNECT_WEB_URL = "http://localhost:9820"; L10: const DEFAULT_CC_CONNECT_CONFIG_PATH = path.join(os.homedir(), ".cc-connect", "config.toml"); L11: const DEFAULT_CC_CONNECT_COMMAND = "cc-connect"; L12: const CC_CONNECT_PACKAGE = ((_a = process.env.CC_CONNECT_PACKAGE) === null || _a === void 0 ? void 0 : _a.trim()) || "cc-connect"; L13: const DEFAULT_STARTUP_TIMEOUT_MS = 30000;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/lib/cc-connect/launcher.mjsView on unpkg · L1
public/image-playground/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
path = public/image-playground/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

public/image-playground/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg

Findings

4 High4 Medium5 Low
HighChild Processbin/acp.mjs
HighShelldist/lib/acp2aisdk/provider-command.mjs
HighSame File Env Network Executiondist/lib/cc-connect/launcher.mjs
HighShips High Entropy Blobpublic/image-playground/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
MediumDynamic Requiredist/lib/conversations/client-adapter.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License