AI Security Review
scanned 2h ago · by lpm-firewall-ai
No confirmed malicious package behavior was found. The runtime service does, however, carry a host shell command-injection risk: unsanitized, user-controlled values are interpolated into shell command strings passed to execAsync. The risk is reachable only when the service is running and the affected API routes or methods are called; when the server is started without MICROSANDBOX_API_KEY, those routes are reachable without authentication.
Decision evidence
public snapshot
- src/services/ImageService.ts interpolates user-controlled image ref into execAsync shell commands for pull/inspect/remove.
- src/services/MicrosandboxRuntimeService.ts interpolates sandbox name into execAsync(`${getMsbPath()} inspect ${name} --format json`).
- src/app.ts makes API authentication optional; routes are exposed without authentication when the server is run without MICROSANDBOX_API_KEY.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- src/cli.ts only starts the Fastify service on explicit CLI execution.
- Source behavior is package-aligned microsandbox management, not stealth install-time persistence or exfiltration.
- No credential harvesting, reviewer prompt injection, or AI-agent control-surface mutation found.
Source & flagged code
3 flagged
- src/services/ImageService.ts: interpolates user-controlled image ref into execAsync shell commands for pull/inspect/remove.
- src/services/MicrosandboxRuntimeService.ts: interpolates sandbox name into execAsync(`${getMsbPath()} inspect ${name} --format json`).
- src/app.ts: makes API authentication optional; routes are exposed without authentication when the server is run without MICROSANDBOX_API_KEY.
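The injection pattern flagged in both the decision evidence and the flagged-code list above, shown side by side with its fix. This is an added example, not code from the package under review: the real service calls a promisified exec (execAsync) with the msb binary, while this example uses the synchronous execSync/execFileSync pair and substitutes `echo` for the msb binary so it runs offline and prints exactly what the child process received. The function names (inspectUnsafe, inspectSafe, execNoShell, isSafeSandboxName, isSafeImageRef) and the validation regexes are assumptions made for the example; the image-ref pattern is a deliberately simplified, stricter subset of the OCI reference grammar, not the upstream project's validator.

```typescript
import { execSync, execFileSync } from "node:child_process";

// Stand-in for getMsbPath() so the example runs offline (assumption for this
// example): `echo` prints the argv it receives, which makes the shell's
// interpretation of the command line visible.
const MSB = "echo";

// Allowlist for sandbox names (assumption: the real service may accept a
// different character set). Rejects shell metacharacters and a leading '-',
// so a name cannot be parsed as a CLI flag even when no shell is involved.
const SANDBOX_NAME = /^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/;

// Simplified image reference: [host[:port]/]repo[/path...][:tag][@sha256:hex].
// Stricter than the full OCI grammar (lowercase path components only).
const IMAGE_REF =
  /^[a-z0-9]+(?:[._-][a-z0-9]+)*(?:(?::[0-9]+)?\/[a-z0-9]+(?:[._-][a-z0-9]+)*)*(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?(?:@sha256:[a-f0-9]{64})?$/;

function isSafeSandboxName(name: string): boolean {
  return SANDBOX_NAME.test(name);
}

function isSafeImageRef(ref: string): boolean {
  return IMAGE_REF.test(ref);
}

// VULNERABLE: mirrors the flagged pattern. The name lands inside a command
// string that /bin/sh parses, so ';', '|', '$(...)', backticks and so on in
// the name become shell syntax executed on the host.
function inspectUnsafe(name: string): string {
  return execSync(`${MSB} inspect ${name} --format json`, { encoding: "utf8" });
}

// No shell: execFile passes argv straight to the binary. A hostile name is
// delivered as one literal argument, metacharacters included.
function execNoShell(args: string[]): string {
  return execFileSync(MSB, args, { encoding: "utf8" });
}

function buildInspectArgs(name: string): string[] {
  if (!isSafeSandboxName(name)) {
    throw new Error(`rejected sandbox name: ${JSON.stringify(name)}`);
  }
  return ["inspect", name, "--format", "json"];
}

// HARDENED: validate against the allowlist, then run without a shell.
// Both layers matter: execFile stops shell injection, the allowlist stops
// flag injection and keeps error messages from echoing arbitrary bytes.
function inspectSafe(name: string): string {
  return execNoShell(buildInspectArgs(name));
}

// Same shape for the image-ref paths (pull/inspect/remove) flagged in
// ImageService.ts: reject, then pass the ref as a single argv element.
function buildImageArgs(verb: "pull" | "inspect" | "remove", ref: string): string[] {
  if (!isSafeImageRef(ref)) {
    throw new Error(`rejected image ref: ${JSON.stringify(ref)}`);
  }
  return ["image", verb, ref];
}

const payload = "demo; echo INJECTED";
console.log("unsafe:", JSON.stringify(inspectUnsafe(payload)));           // second command ran
console.log("no-shell:", JSON.stringify(execNoShell(["inspect", payload, "--format", "json"]))); // literal
console.log("hardened:", JSON.stringify(inspectSafe("demo-1")));
```

Run with `npx tsx example.ts` (or compile with tsc and run under node). The unsafe call prints two lines because `sh -c` split the command at the `;`; the no-shell call prints one line containing the raw payload; the hardened call refuses the payload before a process is spawned. When applying this to the real service, keep getMsbPath() as the executable and move every user-supplied value out of the command string and into the argv array.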