AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Runtime behavior is a music collection/API tool that reads configured API credentials, calls Spotify/YouTube services, downloads media/artwork on demand, and writes local cache/output files.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit runtime use via npm scripts such as start/serve or running src/main.ts with --out
Impact
User-invoked local output/cache writes and third-party media/API requests; no install-time compromise found
Mechanism
package-aligned media API access and local file caching
Rationale
The suspicious primitives are package-aligned and user-invoked: OAuth, Google/Spotify APIs, media download/cache, and local output generation. With no install hooks, empty .env, no exfiltration, and no foreign control-surface mutation, this should be treated as clean.
Evidence
package.json.envsrc/config.tssrc/Spotify.service.tssrc/Youtube.service.tssrc/YoutubeMusic.service.tssrc/tables.tssrc/main.tssrc/app.tssrc/controller.ts.env.localSPOTIFY_GRANT_PATH../../../files../../../out
Network endpoints5
youtube.com/watch?v=music.youtube.com/playlist?list=www.youtube.com/playlist?list=open.spotify.com/intl-de/album/127.0.0.1:2700
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
- src/Spotify.service.ts invokes child_process.exec to open a Spotify authorization URL during runtime auth flow
- src/tables.ts downloads documents/audio with fetch and ytdlp when user code requests table files
- src/main.ts can delete/recreate ../../../out only when run with --out
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks or bin entry
- src/config.ts only loads .env.local/.env; packaged .env is 0 bytes
- Network use is aligned to Spotify, YouTube, YouTube Music, thumbnails, and local API functionality
- No credential harvesting or exfiltration endpoint found; Spotify grant is read/written only at SPOTIFY_GRANT_PATH
- No AI-agent control-surface writes, persistence, destructive install behavior, eval/vm, or remote payload loading found
Behavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
1 flagged · loading source.envView file
•patternName = blocked_file
severity = critical
matchedText = .env
redactedSecretContext =
secretLikeLines = 0
notes = no secret-like key/value lines found in sampled text
Critical
Findings
1 Critical1 Medium4 Low
CriticalCritical Secret.env
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License