AI Security Review
scanned 14d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an AI-agent dashboard/MCP server that can run Docker, provider CLIs, local HTTP services, and credential login flows when the user starts and uses it.
Decision evidence
public snapshot- dist/server/terminal-routes.js can spawn Docker login containers and provider CLI install commands after dashboard API requests
- .code-ux/container/setup.sh installs provider CLIs with npm/curl when a Code UX container is bootstrapped
- dist/config/app-config.js enables an MCP HTTP gateway by default but requires/generates bearer auth for non-loopback binds
- package.json has no install/postinstall/preinstall lifecycle hooks; bin/main is dist/index.js
- dist/index.js only loads config, dotenv, Docker host helper, then starts CodeUxServer on explicit CLI runtime
- dist/server/terminal-routes.js restricts provider IDs and validates providerConfigId with assertSafePathSegment before fs.rm/fs.cp credential paths
- dist/app/lifecycle/mcp-lifecycle-service.js rate-limits and bearer-authenticates MCP HTTP when authToken is configured
- No source evidence of credential harvesting or exfiltration beyond user-initiated provider login/agent management flows
Source & flagged code
8 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/server/terminal-routes.jsView on unpkg · L486A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/terminal-routes.jsView on unpkgPackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L264Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkg