AI Security Review
scanned 4d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/services/local-mcp-cli-config-service.js` writes Code UX MCP entries into `~/.claude.json`, `~/.codex/config.toml`, and other provider configs.
- The config mutation is exposed as `installLocalMcpProvider` by `dist/app/lifecycle/dashboard-lifecycle-service.js`.
- `dist/server/terminal-routes.js` starts Docker-backed provider login sessions and handles credential directories.
- `dist/services/provider-tool-manager.js` installs provider CLIs into managed Docker volumes.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `.code-ux/container/setup.sh` only prints setup guidance; it installs nothing.
- CLI execution begins only through the declared `codeux`/`codeux-worker` bin entrypoints.
- Terminal route validates provider IDs, credential path segments, and local login redirect ports.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/server/terminal-routes.jsView on unpkg · L442This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/server/terminal-routes.jsView on unpkgPackage source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L279Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dashboard/dist/assets/html.worker-BO6WuOEO.jsView on unpkg · L29Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkg