AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Dangerous primitives are aligned with an interactive terminal coding agent and require explicit CLI use, provider configuration, OAuth login, pasted image handling, or approved tool calls.
Decision evidence
public snapshot- package.json has no install/postinstall/prepare lifecycle hooks; only a user-invoked bin at dist/bin.js.
- dist/bin.js only checks for Bun and spawns dist/main.js when the bubble CLI is run.
- dist/tui-ink/image-paste.js uses execFile for clipboard/image tools and temporary resize files, not shell-string execution or persistence.
- dist/tools/bash.js and dist/tools/server-manager.js execute user/model-requested commands behind approval/tool interfaces for a coding agent.
- dist/oauth/openai-codex.js implements PKCE OAuth to OpenAI endpoints with state validation and local callback.
- dist/config.js and dist/oauth/storage.js store Bubble config/auth under ~/.bubble with no evidence of exfiltration outside configured providers.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/tui-ink/image-paste.jsView on unpkg · L9A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/tools/server-manager.jsView on unpkg · L25Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/oauth/openai-codex.jsView on unpkg · L3This package version adds a dangerous source file absent from the previous stored version.
dist/tui-ink/input-box.jsView on unpkg