AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The risky primitives are exposed by a user-run local dashboard for containerized AI-agent workflows and provider login, with local host/origin checks and path validation.
Decision evidence
public snapshot- No lifecycle scripts; bin/main is user-invoked dist/index.js server startup, not install/import execution.
- dist/server/terminal-routes.js starts Docker login containers and installs provider CLIs only through /api/terminal/start.
- Credentials are copied under ~/.code-ux/credentials/<providerConfigId> after provider login, with assertSafePathSegment on providerConfigId.
- Dashboard middleware blocks untrusted Host and hostile cross-site origins for /api mutations; WebSocket also checks origin.
- Network URLs are package-aligned provider/bootstrap endpoints: jules.googleapis.com, claude.ai/install.sh, opencode.ai/install, antigravity.google/cli/install.sh, npm CLIs.
- dist/server/terminal-routes.js uses child_process/docker, local proxy ports, and credential folders, but this matches an interactive containerized AI-agent/login manager.
- .code-ux/container/setup.sh downloads provider tools and Playwright in container bootstrap, not hidden install-time execution.
- No source evidence of credential harvesting/exfiltration beyond explicit provider credential storage for configured integrations.
- No persistence, destructive host behavior, dependency confusion, prompt/reviewer manipulation, or lifecycle AI-agent control-surface mutation found.
Source & flagged code
8 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/server/terminal-routes.jsView on unpkg · L522A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/terminal-routes.jsView on unpkgPackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L300Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkg