AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a user-started authenticated bridge with intentional local-agent, preview, and localhost-proxy capabilities; the scanner's claimed remote decode-and-execute path is not present.
Decision evidence
public snapshot- `dist/cli.js` runs an authenticated WebSocket bridge that can forward backend prompts to opted-in local ACP agents.
- `dist/index.js` can start a preview command and run localhost-only proxy requests after the user starts the CLI.
- `dist/index.js` stores bridge credentials in `~/.buildautomaton/config.json`.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- No package-owned `eval(` or `new Function` remote-payload execution path was found.
- `atob` use in `dist/index.js` is JWT/E2EE decoding; fetched cloud responses are parsed as JSON or blobs, not executed.
- `dist/index.js` restricts backend proxy targets to `localhost`, `127.0.0.1`, and `::1`.
- `dist/index.js` writes only package-owned config/cache/worktree data; no foreign AI-agent configuration mutation was found.
- `README.md` documents the bridge, local-agent, localhost-proxy, and preview features consistent with the source.
Source & flagged code
6 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/index.jsView on unpkg · L55A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.jsView on unpkg · L48Package ships WebAssembly modules.
dist/tree-sitter/tree-sitter-go.wasmView on unpkg