AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky primitives are user-invoked local dashboard features for managing provider login containers and storing Code UX credentials.
Decision evidence
public snapshot- dist/server/terminal-routes.js exposes /api/terminal/start to spawn Docker login containers for provider CLIs.
- dist/server/terminal-routes.js copies generated credentials into ~/.code-ux/credentials/<providerConfigId>.
- .code-ux/container/setup.sh installs agent/provider CLIs and downloads installers from provider URLs when invoked in the container bootstrap.
- package.json has no preinstall/install/postinstall lifecycle hook; bin is user-invoked dist/index.js.
- dist/server/dashboard-server.js binds dashboard to 127.0.0.1 by default and middleware rejects untrusted Host/cross-site mutation requests.
- dist/server/terminal-routes.js validates providerConfigId with assertSafePathSegment before fs.rm/mkdir/cp.
- Credential writes are under package-owned ~/.code-ux/credentials, not foreign Claude/Codex/Cursor control surfaces.
- Provider install/network behavior is package-aligned for a containerized AI-agent manager.
Source & flagged code
9 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/server/terminal-routes.jsView on unpkg · L533A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/terminal-routes.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/server/terminal-routes.jsView on unpkgPackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L300Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkg