AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky behavior is an explicit local dashboard feature for provider login and Docker-based AI-agent workflows, not install-time or hidden execution.
Decision evidence
public snapshot- dist/server/terminal-routes.js exposes user-triggered endpoints that spawn docker containers and proxy terminal I/O.
- dist/server/terminal-routes.js copies login credentials from a temp container mount into ~/.code-ux/credentials/<providerConfigId>.
- dist/services/cli-docker-utils.js and .code-ux/container/setup.sh install provider CLIs via npm or curl scripts.
- package.json has no install/postinstall lifecycle hook; bin/main is dist/index.js only.
- dist/index.js starts an explicit CLI/dashboard server, loads config, and does not run terminal login flows at import/install time.
- dist/server/dashboard-server.js binds dashboard to 127.0.0.1 by default; dashboard-middleware.js blocks hostile cross-site mutation origins.
- dist/server/terminal-routes.js validates providerId against a fixed allowlist and providerConfigId with assertSafePathSegment before filesystem writes.
- Docker/child_process/network behavior aligns with README.md purpose: containerized management of AI sub-agents and provider CLI login.
- No credential harvesting or exfiltration endpoint found; credentials are copied locally under ~/.code-ux/credentials for selected providers.
Source & flagged code
9 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/server/terminal-routes.jsView on unpkg · L486A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/terminal-routes.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/server/terminal-routes.jsView on unpkgPackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L264Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkg