AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky primitives are local dashboard and container orchestration features aligned with an AI sub-agent manager, activated by explicit runtime API use rather than install or import.
Decision evidence
public snapshot- dist/server/terminal-routes.js exposes user-invoked dashboard routes that spawn docker and provider CLIs.
- dist/server/terminal-routes.js copies login credentials between ~/.code-ux/credentials temp and provider folders after successful login.
- .code-ux/container/setup.sh downloads provider CLIs with npm/curl during container bootstrap.
- package.json has no install/postinstall lifecycle hook; main/bin only run when codeux is invoked.
- dist/index.js loads config and starts the Code UX server; no import-time exfiltration or persistence found.
- dist/server/dashboard-server.js binds dashboard to 127.0.0.1 by default.
- dist/server/dashboard-middleware.js blocks untrusted Host and hostile browser origins for /api routes.
- dist/server/terminal-routes.js validates provider IDs and path segments before filesystem credential operations.
- Observed network endpoints are provider/service aligned: jules.googleapis.com, claude.ai, opencode.ai, antigravity.google, api.openai.com.
Source & flagged code
9 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/server/terminal-routes.jsView on unpkg · L522A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/terminal-routes.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/server/terminal-routes.jsView on unpkgPackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L300Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkg