AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package exposes a user-invoked AI-agent management server that can run Docker containers, install provider CLIs, and store provider credentials under its own Code UX directory.
Decision evidence
public snapshot- dist/server/terminal-routes.js can spawn Docker login containers and provider CLIs from a user API route.
- dist/services/cli-docker-utils.js allows selected provider env vars/API tokens to be passed into Docker.
- .code-ux/container/setup.sh installs provider CLIs and uses curl|bash for Claude/OpenCode/Antigravity inside the container bootstrap.
- package.json has no preinstall/install/postinstall lifecycle hooks; execution is via the codeux CLI/bin.
- dist/index.js only loads dotenv/config and starts the CodeUxServer on CLI invocation.
- Credential writes are scoped to ~/.code-ux/credentials/<validated providerConfigId>, with assertSafePathSegment and containment checks.
- Network endpoints are provider/product aligned: GitHub/GitLab/Jules, provider CLI installers, local dashboard/proxy ports.
- No evidence of import-time exfiltration, hidden persistence, destructive host mutation, or unconsented foreign AI-agent config writes.
Source & flagged code
8 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/server/terminal-routes.jsView on unpkg · L533A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/terminal-routes.jsView on unpkgPackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L300Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkg