AI Security Review
scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a runtime-neutral HTTP server layer whose network and credential flows are expected for OAuth, GitHub integration, LLM proxying, web search, runner pools, and persistence RPC.
Decision evidence
public snapshot
- Network-capable server package proxies OAuth, GitHub, LLM, web-search, and persistence requests when runtime routes are invoked.
- ContainerAgentExecutor can pass GitHub and subscription credentials to configured runner transports during user-initiated agent jobs.
- package.json has no lifecycle scripts; main is dist/index.js with exports only.
- dist/modules/tasks/TaskSourceController.js dynamic_require hint is a false positive: requireTasks is a local helper, no require()/import().
- dist/crypto/encoding.d.ts secret hint is only PEM-format documentation; no embedded key material.
- rg found no child_process/shell execution, eval/Function, lifecycle hooks, or AI-agent control-surface file writes.
- Network endpoints are package-aligned: GitHub/OAuth/Linear/Google/Brave/SearXNG/LLM proxy flows behind Hono controllers.
- Credential handling is explicit: tokens are write-only/redacted or encrypted; GitHub installation tokens are in-memory cached.
Source & flagged code
7 flagged
- Package contains a critical-looking secret pattern: dist/crypto/encoding.d.ts (L7)
- RSA private key in dist/crypto/encoding.d.ts: dist/crypto/encoding.d.ts (L7)
- RSA private key in dist/crypto/encoding.d.ts: dist/crypto/encoding.d.ts (L8)
- Package source references dynamic require/import behavior: dist/modules/tasks/TaskSourceController.js (L188)
- RSA private key in dist/github/GitHubAppAuth.d.ts: dist/github/GitHubAppAuth.d.ts (L4)