AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a CLI/server for containerized AI-agent workflows with explicit runtime Docker, provider-login, and git command execution capabilities.
Decision evidence
public snapshot- Runtime route can spawn Docker/login shells for configured AI providers: dist/server/terminal-routes.js
- Container bootstrap installs provider CLIs and runs curl-piped installers for Claude/OpenCode/Antigravity: .code-ux/container/setup.sh
- CommandRunner executes git/docker subprocesses and forwards selected git auth env into helper containers: dist/shared/subprocess/command-runner.js
- package.json has no preinstall/install/postinstall lifecycle hooks
- dist/index.js only loads dotenv/config and starts the Code UX server or management CLI on explicit invocation
- terminal-routes.js limits providerId to known providers and validates providerConfigId with assertSafePathSegment before filesystem writes
- Login credential writes are under ~/.code-ux/credentials temp/provider directories for explicit login flow, not import/install time
- Subprocess use is package-aligned for containerized AI-agent workflow and git operations; no credential exfiltration endpoint found
Source & flagged code
9 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/server/terminal-routes.jsView on unpkg · L533A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/terminal-routes.jsView on unpkgPackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L300Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/shared/subprocess/command-runner.jsView on unpkg