@cat-factory/server@0.75.1

Runtime-neutral HTTP layer for the Agent Architecture Board: the Hono controllers, middleware (auth/authz/CORS/error), request helpers and the gateway seams shared by every deployment facade (Cloudflare Worker, Node service).

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Network and credential-handling code is runtime server functionality for OAuth, GitHub, LLM proxying, web search, and container job dispatch.

Static reason: One or more suspicious static signals were detected.
Trigger: Runtime API calls by a configured Cat Factory deployment
Impact: Package-aligned backend operations; no install-time execution, exfiltration, persistence, or foreign AI-agent control-surface mutation identified
Mechanism: authenticated server controllers and injected gateway/service calls
Rationale: The suspicious primitives are expected for a runtime-neutral HTTP server layer in an agent platform and are gated through runtime configuration, auth tokens, or injected services. No lifecycle hook, import-time side effect, hardcoded secret, exfiltration endpoint, destructive action, or unconsented agent-control mutation was found.
Evidence: package.json, dist/index.js, dist/crypto/encoding.js, dist/crypto/encoding.d.ts, dist/modules/tasks/TaskSourceController.js, dist/modules/llmProxy/LlmProxyController.js, dist/modules/webSearch/upstreams.js, dist/agents/ContainerAgentExecutor.js, dist/app.js
Network endpoints (4): api.search.brave.com/res/v1/web/search, api.linear.app/oauth/token, oauth2.googleapis.com/token, github.com/apps/

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle hooks; main is dist/index.js exports only.
    • dist/index.js re-exports controllers/services; no import-time execution observed.
    • dist/crypto/encoding.d.ts secret hit is documentation for PEM parsing, not an embedded key.
    • dist/modules/tasks/TaskSourceController.js implements authenticated Hono task/OAuth routes using injected services.
    • dist/modules/llmProxy/LlmProxyController.js proxies model calls only after signed container-session verification and provider resolution.
    • dist/modules/webSearch/upstreams.js uses package-aligned Brave/SearXNG search with SSRF guard for configured SearXNG URLs.
    Behavioral surface
    Source: ChildProcess, DynamicRequire, Filesystem, Network
    Supply chain: HighEntropyStrings, UrlStrings
    Manifest: NoLicense
    scanned 127 file(s), 789 KB of source, external domains: accounts.google.com, api.github.com, api.linear.app, api.search.brave.com, github.com, linear.app, oauth2.googleapis.com, www.googleapis.com

    Source & flagged code

    7 flagged

    dist/crypto/encoding.d.ts

    7: patternName = private_key_rsa severity = critical line = 7 matchedText = * (`----...CS#1
    Critical · Critical Secret
    Package contains a critical-looking secret pattern.
    dist/crypto/encoding.d.ts · L7

    7: patternName = private_key_rsa severity = critical line = 7 matchedText = * (`----...CS#1
    Critical · Secret Pattern
    RSA private key in dist/crypto/encoding.d.ts
    dist/crypto/encoding.d.ts · L7

    8: patternName = private_key_rsa severity = critical line = 8 matchedText = * (`----... via
    Critical · Secret Pattern
    RSA private key in dist/crypto/encoding.d.ts
    dist/crypto/encoding.d.ts · L8

    dist/modules/tasks/TaskSourceController.js

    188: return unavailable(c); L189: const task = await tasks.importService.import(param(c, 'workspaceId'), sourceParam(c), c.req.valid('json').ref); L190: return c.json(task, 201);
    Medium · Dynamic Require
    Package source references dynamic require/import behavior.
    dist/modules/tasks/TaskSourceController.js · L188

    dist/crypto/encoding.js

    30: patternName = private_key_rsa severity = critical line = 30 matchedText = * (`----...CS#1
    Critical · Secret Pattern
    RSA private key in dist/crypto/encoding.js
    dist/crypto/encoding.js · L30

    31: patternName = private_key_rsa severity = critical line = 31 matchedText = * (`----... via
    Critical · Secret Pattern
    RSA private key in dist/crypto/encoding.js
    dist/crypto/encoding.js · L31

    dist/github/GitHubAppAuth.d.ts

    4: patternName = private_key_rsa severity = critical line = 4 matchedText = /** App .... */
    Critical · Secret Pattern
    RSA private key in dist/github/GitHubAppAuth.d.ts
    dist/github/GitHubAppAuth.d.ts · L4

    Findings

    6 Critical · 2 Medium · 5 Low
    Critical · Critical Secret · dist/crypto/encoding.d.ts
    Critical · Secret Pattern · dist/crypto/encoding.d.ts
    Critical · Secret Pattern · dist/crypto/encoding.d.ts
    Critical · Secret Pattern · dist/crypto/encoding.js
    Critical · Secret Pattern · dist/crypto/encoding.js
    Critical · Secret Pattern · dist/github/GitHubAppAuth.d.ts
    Medium · Dynamic Require · dist/modules/tasks/TaskSourceController.js
    Medium · Network
    Low · Scripts Present
    Low · Filesystem
    Low · High Entropy Strings
    Low · Url Strings
    Low · No License