registry  /  @canonmsg/core  /  3.2.0

@canonmsg/core@3.2.0

Canon core — shared types, REST client, SSE stream, and registration for Canon messaging

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a Canon messaging core library whose network, local profile, RTDB, and git-worktree helpers are exposed as user-invoked APIs rather than install-time or import-time behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User application imports and explicitly calls Canon client, stream, registration, local profile, or host environment helper APIs.
Impact
Caller-directed Canon messaging/runtime operations; no evidence of unconsented exfiltration, persistence, destructive action, or install-time mutation.
Mechanism
Package-aligned REST/SSE/RTDB client and local runtime state helpers.
Rationale
Static inspection found suspicious primitives, but they match the package's Canon client/runtime purpose and are activated by explicit API calls. With no lifecycle hook, import-time execution chain, credential harvesting, arbitrary payload execution, or foreign AI-agent control mutation, the package should be marked clean.
Evidence
package.jsondist/constants.jsdist/index.jsdist/browser.jsdist/client.jsdist/stream.jsdist/rtdb-rest.jsdist/agent-profiles.jsdist/execution-environment.jsdist/local-runtime-catalog.jsdist/control-poller.jsdist/registration.js
Network endpoints4
api-6m6mlelskq-uc.a.run.appcanon-agent-stream-195218560334.us-central1.run.appproject-007a8e71-ba01-49e6-8aa-default-rtdb.firebaseio.comidentitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/constants.js embeds Canon/Firebase service URLs and a Firebase web API key.
  • dist/client.js, dist/stream.js, and dist/rtdb-rest.js perform authenticated network calls when library APIs are invoked.
  • dist/execution-environment.js can run git via spawnSync and write local Canon workspace state when host helpers are called.
  • dist/agent-profiles.js reads/writes ~/.canon profiles and locks when explicit profile helpers are used.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only prepack/build scripts are developer packaging flows.
  • dist/index.js, dist/browser.js, dist/host.js, and dist/local.js are barrel exports with no import-time attack behavior observed.
  • Network endpoints are package-aligned Canon API/stream/RTDB/Firebase token exchange helpers, not arbitrary exfiltration sinks.
  • No credential harvesting beyond caller-provided Canon API keys/profile config; secret redaction utilities are defensive.
  • No eval/vm/Function, native binary loading, persistence mechanism, destructive filesystem behavior, or AI-agent control-surface install mutation found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 49 file(s), 334 KB of source, external domains: api-6m6mlelskq-uc.a.run.app, canon-agent-stream-195218560334.us-central1.run.app, identitytoolkit.googleapis.com, project-007a8e71-ba01-49e6-8aa-default-rtdb.firebaseio.com

Source & flagged code

3 flagged · loading source
dist/constants.jsView file
4patternName = google_api_key severity = high line = 4 matchedText = export c...lE';
High
High Secret

Package contains a high-severity secret pattern.

dist/constants.jsView on unpkg · L4
4patternName = google_api_key severity = high line = 4 matchedText = export c...lE';
High
Secret Pattern

Google API key in dist/constants.js

dist/constants.jsView on unpkg · L4
dist/constants.d.tsView file
4patternName = google_api_key severity = high line = 4 matchedText = export d...lE";
High
Secret Pattern

Google API key in dist/constants.d.ts

dist/constants.d.tsView on unpkg · L4

Findings

3 High2 Medium4 Low
HighHigh Secretdist/constants.js
HighSecret Patterndist/constants.js
HighSecret Patterndist/constants.d.ts
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings