AI Security Review
scanned 5d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/services/local-mcp-cli-config-service.js writes MCP entries into ~/.claude.json, ~/.gemini/settings.json, ~/.codex/config.toml, and other AI CLI configs.
- dist/server/terminal-routes.js starts Docker login containers and copies generated credentials into ~/.code-ux/credentials/<providerConfigId>.
- dist/server/terminal-routes.js can install provider CLIs in containers via npm or curl-piped installers.
- .code-ux/container/setup.sh bootstraps provider CLIs and Playwright inside Code UX containers.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- dist/index.js only runs when the CLI/bin is invoked and starts the Code UX server or management CLI.
- terminal-routes validates provider IDs and path segments before credential directory rm/mkdir/cp operations.
- No source evidence of credential exfiltration, hidden remote payload execution, destructive host persistence, or install-time AI-agent config hijack.
Source & flagged code
9 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/server/terminal-routes.jsView on unpkg · L562A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server/terminal-routes.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/server/terminal-routes.jsView on unpkgPackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L300Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkg