AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a media/library tool that talks to Spotify, YouTube, and Google APIs and writes local cache/output files only when its app or scripts are run.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user execution of npm scripts such as start or serve, or API calls to the local Express app.
Impact
User-authorized local media collection processing; no unconsented install-time behavior found.
Mechanism
package-aligned media metadata lookup, OAuth grant storage, artwork/audio download, and HTML/audio output generation
Rationale
Static source inspection found suspicious primitives, but they are aligned with the package's Spotify/YouTube media-management purpose and are activated by explicit runtime use, not installation. No concrete malicious chain or unconsented mutation/exfiltration behavior was present.
Evidence
package.json.envsrc/config.tssrc/Spotify.service.tssrc/Youtube.service.tssrc/YoutubeMusic.service.tssrc/tables.tssrc/main.tssrc/app.tssrc/controller.ts
Network endpoints5
127.0.0.1:2700youtube.com/watch?v=music.youtube.com/playlist?list=www.youtube.com/playlist?list=open.spotify.com/intl-de/album/
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
- .env is bundled and config.ts loads .env.local/.env, but values are used for Spotify/Youtube API configuration.
- src/Spotify.service.ts uses child_process.exec to open a Spotify auth URL when authorization is requested.
- src/tables.ts can fetch artwork URLs and use ytdlp-nodejs to download audio streams during user-invoked album processing.
Evidence against
- package.json has no preinstall/install/postinstall hooks and no bin entrypoint.
- Exports only ./api to generated client code; runtime scripts are explicit npm scripts.
- Network use is package-aligned: Spotify, YouTube/Google APIs, YouTube media/artwork, local Express server.
- No source evidence of credential harvesting, broad filesystem scanning, exfiltration, persistence, or AI-agent control-surface writes.
- File writes are local app data/cache/output/grant paths tied to media/library functionality.
Behavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
1 flagged · loading source.envView file
•patternName = blocked_file
severity = critical
matchedText = .env
redactedSecretContext =
secretLikeLines = 0
notes = no secret-like key/value lines found in sampled text
Critical
Findings
1 Critical1 Medium4 Low
CriticalCritical Secret.env
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License