
@cat-factory/server@0.73.1

Runtime-neutral HTTP layer for the Agent Architecture Board: the Hono controllers, middleware (auth/authz/CORS/error), request helpers and the gateway seams shared by every deployment facade (Cloudflare Worker, Node service).

AI Security Review

scanned 2d ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason: One or more suspicious static signals were detected.
Trigger: Authenticated runtime server routes or agent execution dispatch.
Impact: Dangerous if misconfigured or used with untrusted runner infrastructure, but no unconsented lifecycle mutation or exfiltration behavior is present in the package source.
Mechanism: Runtime agent orchestration and provider proxying.
Rationale: Static inspection shows a package-aligned HTTP server/agent orchestration library with no lifecycle hooks, no import-time payload, no credential harvesting from the host, and no foreign AI-agent control-surface writes. Because it can broker powerful agent runs and credentials at runtime, warn-level handling is reasonable, but the source does not support a malicious verdict.
Evidence
  • package.json
  • dist/index.js
  • dist/crypto/encoding.js
  • dist/crypto/encoding.d.ts
  • dist/modules/tasks/TaskSourceController.js
  • dist/modules/webSearch/upstreams.js
  • dist/modules/llmProxy/LlmProxyController.js
  • dist/agents/ContainerAgentExecutor.js
Network endpoints (6)
  • api.search.brave.com/res/v1/web/search
  • accounts.google.com
  • www.googleapis.com
  • oauth2.googleapis.com/token
  • linear.app
  • api.linear.app/oauth/token

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/agents/ContainerAgentExecutor.js builds container agent jobs with GitHub installation tokens and optional raw Claude/ChatGPT subscription credentials.
  • dist/modules/llmProxy/LlmProxyController.js forwards authenticated chat completion requests to configured LLM upstreams at runtime.
  • dist/modules/webSearch/upstreams.js provides server-side Brave/SearXNG web search proxying.
Evidence against
  • package.json has no npm lifecycle hooks or bin entries; import surface is dist/index.js exports only.
  • dist/crypto/encoding.d.ts secret hit is documentation for PEM formats, not an embedded private key.
  • dist/modules/tasks/TaskSourceController.js is Hono route wiring for task integrations; no dynamic require or import-time execution found.
  • No writes to home/project AI-agent control surfaces, shell startup files, VCS hooks, or persistence mechanisms found.
  • Network calls are runtime service/OAuth/search/GitHub operations aligned with the package's server purpose.
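The "no dynamic require" bullet can be re-checked mechanically rather than taken on trust. The helper below is an added example, not code from @cat-factory/server or from the scanner: it classifies every `import(` / `require(` token in a JavaScript source string as a static specifier, a truly dynamic one, or a member call on some object, so that a line shaped like the flagged `tasks.importService.import(...)` call in dist/modules/tasks/TaskSourceController.js is not counted as a dynamic import. The sample source is constructed for this example and the function and record names are mine. It is a regex heuristic, not a parser: it does not skip comments or string contents.

```javascript
// Added triage helper (not part of @cat-factory/server or of the scanner):
// classify `import(` / `require(` tokens so that a member call such as
// `tasks.importService.import(...)` is not reported as a dynamic import.
// Regex heuristic only; it does not parse JavaScript or skip comments.

// True when the argument text is a single plain string literal (a static specifier).
function isStaticSpecifier(arg) {
  return /^\s*(['"])[^'"]*\1\s*$/.test(arg) || /^\s*`[^`$]*`\s*$/.test(arg);
}

// 1-based line number of a character offset in `source`.
function lineOf(source, index) {
  return source.slice(0, index).split('\n').length;
}

// Returns one record per hit, ordered by line:
//   kind 'member-call' : `.import(` / `.require(` invoked on an object, not a loader
//   kind 'static'      : import('x') / require('x') with a literal specifier
//   kind 'dynamic'     : the specifier is an expression, the only case worth a finding
function classifyLoaderCalls(source) {
  const hits = [];
  const memberRe = /\.\s*(import|require)\s*\(/g;
  // `[^\w$.]` excludes identifiers like importService and member access like `.import(`
  const callRe = /(^|[^\w$.])(import|require)\s*\(\s*([^)]*)\)/gm;
  let m;
  while ((m = memberRe.exec(source)) !== null) {
    hits.push({ kind: 'member-call', keyword: m[1], line: lineOf(source, m.index) });
  }
  while ((m = callRe.exec(source)) !== null) {
    hits.push({
      kind: isStaticSpecifier(m[3]) ? 'static' : 'dynamic',
      keyword: m[2],
      line: lineOf(source, m.index + m[1].length),
    });
  }
  return hits.sort((a, b) => a.line - b.line);
}

// Only the hits that would justify a "dynamic require/import" finding.
function dynamicLoaderFindings(source) {
  return classifyLoaderCalls(source).filter((h) => h.kind === 'dynamic');
}

// Constructed sample (not the package's source). Line 2 has the shape of the flagged
// line in dist/modules/tasks/TaskSourceController.js; the other lines are invented.
const SAMPLE_SOURCE = [
  "const fs = require('node:fs');",
  "const task = await tasks.importService.import(param(c, 'workspaceId'), sourceParam(c), ref);",
  "const plugin = await import(`./plugins/${name}.js`);",
  "const handlers = await import('./handlers.js');",
].join('\n');

console.log(classifyLoaderCalls(SAMPLE_SOURCE));
console.log('dynamic findings:', dynamicLoaderFindings(SAMPLE_SOURCE).length);
```

On the constructed sample only line 3, where the specifier is a template expression, survives as a dynamic-load finding; line 2 is reported as a member call, which is the distinction the scanner's pattern missed.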
Behavioral surface
  • Source: ChildProcess, DynamicRequire, Filesystem, Network
  • Supply chain: HighEntropyStrings, UrlStrings
  • Manifest: NoLicense
scanned 127 file(s), 774 KB of source, external domains: accounts.google.com, api.github.com, api.linear.app, api.search.brave.com, github.com, linear.app, oauth2.googleapis.com, www.googleapis.com

Source & flagged code

7 flagged

dist/crypto/encoding.d.ts (line 7)
  patternName = private_key_rsa · severity = critical · matchedText = * (`----...CS#1
  Critical · Critical Secret: package contains a critical-looking secret pattern.

dist/crypto/encoding.d.ts (line 7)
  patternName = private_key_rsa · severity = critical · matchedText = * (`----...CS#1
  Critical · Secret Pattern: RSA private key in dist/crypto/encoding.d.ts

dist/crypto/encoding.d.ts (line 8)
  patternName = private_key_rsa · severity = critical · matchedText = * (`----... via
  Critical · Secret Pattern: RSA private key in dist/crypto/encoding.d.ts

dist/modules/tasks/TaskSourceController.js (lines 188-190)
  188: return unavailable(c);
  189: const task = await tasks.importService.import(param(c, 'workspaceId'), sourceParam(c), c.req.valid('json').ref);
  190: return c.json(task, 201);
  Medium · Dynamic Require: package source references dynamic require/import behavior.
  Note: the matched token is the `import` method of `tasks.importService`, a member call on a service object, not a dynamic `import()` expression or `require()`; this agrees with the review's evidence that no dynamic require or import-time execution was found in the file.

dist/crypto/encoding.js (line 30)
  patternName = private_key_rsa · severity = critical · matchedText = * (`----...CS#1
  Critical · Secret Pattern: RSA private key in dist/crypto/encoding.js

dist/crypto/encoding.js (line 31)
  patternName = private_key_rsa · severity = critical · matchedText = * (`----... via
  Critical · Secret Pattern: RSA private key in dist/crypto/encoding.js

dist/github/GitHubAppAuth.d.ts (line 4)
  patternName = private_key_rsa · severity = critical · matchedText = /** App .... */
  Critical · Secret Pattern: RSA private key in dist/github/GitHubAppAuth.d.ts

Note on the secret-pattern hits: every matched text begins with a comment marker (`* (` or `/** App`), and the pattern fired on a PEM header string rather than on a key body. That is consistent with the review's evidence that the dist/crypto/encoding.d.ts hit documents PEM formats instead of embedding a private key; the other files should be confirmed the same way (header mentioned in a comment, no base64 body and no END marker) before the six Critical entries are dismissed.
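The six secret-pattern hits can be re-checked with a structural test instead of a header regex. The helper below is an added example, not code from @cat-factory/server or from the scanner: it finds each `-----BEGIN ... PRIVATE KEY-----` marker in a source string and reports it as an embedded key only when a base64 body and the matching END marker follow, either on subsequent lines or as `\n` escapes inside one string literal; a header that merely appears in a comment, as in the flagged JSDoc text, is reported as a mention. The samples are constructed for this example (the "key" bodies are filler, not real key material) and the function names are mine.

```javascript
// Added triage helper (not part of @cat-factory/server or of the scanner): decides
// whether a `-----BEGIN ... PRIVATE KEY-----` hit is an embedded key or only a mention
// of the PEM header in a comment or doc string. A real key is a BEGIN marker, one or
// more base64 body lines, and the matching END marker; a mention has neither.

const BEGIN_RE = /-----BEGIN ([A-Z ]*PRIVATE KEY)-----/g;
// Minimum 4 characters because the last body line of a PEM block can be short.
const B64_LINE_RE = /^[A-Za-z0-9+/=]{4,}$/;

// Split into rows, keeping the original line number. A key pasted into a string
// literal carries literal `\n` escapes instead of real newlines, so expand those too.
function expandLines(source) {
  const rows = [];
  source.split('\n').forEach((line, i) => {
    for (const seg of line.split(/\\n/)) rows.push({ text: seg, line: i + 1 });
  });
  return rows;
}

// Strip comment decoration (`//`, `/*`, `*`), surrounding quotes/backticks and trailing
// punctuation so a PEM body written inside a comment or template literal still matches.
function bareLine(text) {
  return text
    .trim()
    .replace(/^(\/\/|\/\*+|\*+\/?)\s?/, '')
    .replace(/^[`'"]+/, '')
    .replace(/[`'"\s;,)]+$/, '')
    .trim();
}

// One record per BEGIN marker:
//   { line, label, inComment, bodyLines, verdict: 'embedded-key' | 'mention' }
function classifyPemHits(source) {
  const rows = expandLines(source);
  const hits = [];
  rows.forEach((row, i) => {
    for (const m of row.text.matchAll(BEGIN_RE)) {
      const label = m[1];
      let bodyLines = 0;
      let closed = false;
      for (let j = i + 1; j < rows.length; j++) {
        const l = bareLine(rows[j].text);
        if (l === `-----END ${label}-----`) { closed = true; break; }
        if (B64_LINE_RE.test(l)) { bodyLines += 1; continue; }
        break; // anything else ends the candidate block
      }
      hits.push({
        line: row.line,
        label,
        inComment: /^\s*(\/\/|\/\*|\*)/.test(row.text),
        bodyLines,
        verdict: closed && bodyLines > 0 ? 'embedded-key' : 'mention',
      });
    }
  });
  return hits;
}

function embeddedKeyCount(source) {
  return classifyPemHits(source).filter((h) => h.verdict === 'embedded-key').length;
}

// Constructed samples (not the package's files). DOC_MENTION has the shape of a JSDoc
// comment that names the PEM header; the two key samples use filler, not real keys.
const DOC_MENTION = [
  '/**',
  ' * Loads a signing key from PEM text. The first line must be',
  ' * `-----BEGIN RSA PRIVATE KEY-----` (PKCS#1) or',
  ' * `-----BEGIN PRIVATE KEY-----` (PKCS#8).',
  ' */',
  'export function loadSigningKey(pem) {}',
].join('\n');

const EMBEDDED_KEY = [
  'const key = `-----BEGIN RSA PRIVATE KEY-----',
  'MIIEowIBAAKCAQEAfakeBodyForExampleOnly0000000000000000000000000000',
  'AAAAB3NzaC1yc2EAAAADAQABAAABAQC0fakeBodyForExampleOnly11111111111',
  '-----END RSA PRIVATE KEY-----`;',
].join('\n');

const ESCAPED_KEY =
  'const pem = "-----BEGIN EC PRIVATE KEY-----\\nMHQCAQEEIfakeBodyForExampleOnly2222\\n-----END EC PRIVATE KEY-----";';

console.log(classifyPemHits(DOC_MENTION));
console.log(classifyPemHits(EMBEDDED_KEY));
console.log(classifyPemHits(ESCAPED_KEY));
```

Run over the constructed inputs, the doc comment yields two "mention" records, while both key samples yield one "embedded-key" record each; note that `inComment` is reported separately from the verdict, because a complete key pasted into a comment is still a leaked key.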

Findings

6 Critical · 2 Medium · 5 Low
  • Critical · Critical Secret · dist/crypto/encoding.d.ts
  • Critical · Secret Pattern · dist/crypto/encoding.d.ts
  • Critical · Secret Pattern · dist/crypto/encoding.d.ts
  • Critical · Secret Pattern · dist/crypto/encoding.js
  • Critical · Secret Pattern · dist/crypto/encoding.js
  • Critical · Secret Pattern · dist/github/GitHubAppAuth.d.ts
  • Medium · Dynamic Require · dist/modules/tasks/TaskSourceController.js
  • Medium · Network
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings
  • Low · No License