AI Security Review
scanned 2d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package is a runtime-neutral HTTP server layer with user/runtime-invoked controllers for OAuth, web search, GitHub, task sources, and LLM proxying.
Decision evidence
public snapshot
- Runtime routes proxy LLM/web-search/OAuth/GitHub requests using fetch in dist/modules/llmProxy/LlmProxyController.js and dist/modules/webSearch/upstreams.js.
- Package exports agent/container and GitHub repository helpers from dist/index.js, creating powerful but documented server-side capabilities.
- package.json has no lifecycle scripts and only exposes ./dist/index.js as the main export.
- dist/modules/tasks/TaskSourceController.js contains Hono route handlers and service delegation; no dynamic require/import was found there.
- dist/crypto/encoding.d.ts only documents PEM formats; dist/crypto/encoding.js parses caller-supplied PEM and contains no embedded private key.
- rg found no child_process, eval, Function constructor, package-code file writes, destructive commands, or install/import-time execution.
- Network endpoints are aligned with the HTTP server package: Brave/SearXNG search, OAuth providers, GitHub APIs, and LLM upstream forwarding after session validation.
- No prompt/reviewer manipulation or AI-agent control-surface writes were found in inspected package files.
Source & flagged code
7 flagged
- Package contains a critical-looking secret pattern. (dist/crypto/encoding.d.ts · L7)
- RSA private key in dist/crypto/encoding.d.ts (dist/crypto/encoding.d.ts · L7)
- RSA private key in dist/crypto/encoding.d.ts (dist/crypto/encoding.d.ts · L8)
- Package source references dynamic require/import behavior. (dist/modules/tasks/TaskSourceController.js · L188)
- RSA private key in dist/github/GitHubAppAuth.d.ts (dist/github/GitHubAppAuth.d.ts · L4)