AI Security Review
scanned 2d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/services/local-mcp-cli-config-service.js` writes `code_ux` MCP entries into home-directory configs for Codex, Claude, Gemini, and other AI CLIs.
- `dist/app/lifecycle/dashboard-lifecycle-service.js` exposes that write through `installLocalMcpProvider`.
- `dist/worker/index.js` connects to a user-supplied control-plane URL with an auth token and executes dispatched local workflow tasks.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `dist/index.js` executes only when the user invokes the `codeux` binary.
- `.code-ux/container/setup.sh` only prints setup guidance; it installs no payload.
- The MCP config write requires an enabled connection and explicit dashboard provider-install action.
- No source evidence of credential exfiltration, hidden remote payload loading, or persistence beyond the explicit MCP setup feature.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
dist/server/terminal-routes.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/server/terminal-routes.jsView on unpkg · L442Package source references dynamic require/import behavior.
dist/server/terminal-routes.jsView on unpkg · L279Package source references weak cryptographic algorithms.
dist/server/terminal-routes.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dashboard/dist/assets/html.worker-BO6WuOEO.jsView on unpkg · L29Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.code-ux/container/setup.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.code-ux/container/setup.shView on unpkgPackage contains source files above the static scanner size ceiling.
dashboard/dist/assets/editor.api2-KGjWAjnM.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/infrastructure/providers/cli/docker-runner.jsView on unpkg