AI Security Review
scanned 3h ago · by lpm-firewall-aiThe running web UI exposes an unauthenticated command-injection sink at `/api/open-file`. Its default server host is `0.0.0.0`, making network reachability possible when the port is exposed.
Decision evidence
public snapshot- `/api/open-file` accepts arbitrary JSON `filePath`.
- Endpoint interpolates `filePath` into `child_process.exec`.
- A quote in `filePath` can terminate the shell-quoted argument.
- Server defaults to host `0.0.0.0`; no auth hook was found.
- Runtime also exposes unauthenticated destructive session/shutdown APIs.
- `package.json` has no preinstall/install/postinstall hooks.
- CLI only starts the bundled local web server.
- No package code exfiltration or external network endpoint was found.
- No AI-agent configuration mutation was found.
Source & flagged code
5 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
build/client/_app/immutable/chunks/DZ92xsNj.jsView on unpkg · L27Package source references dynamic require/import behavior.
build/server/chunks/chunks/tsx.js-ChmZV8v1.jsView on unpkg · L1Package ships high-entropy non-source blobs.
build/client/_app/immutable/nodes/0.qqC0VZrZ.js.brView on unpkgPackage ships compressed or archive-like blobs.
build/client/_app/immutable/nodes/0.qqC0VZrZ.js.brView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
build/server/chunks/index.js-DMVmBfDO.jsView on unpkg