AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack is present. On explicit `khabot-studio` launch, the package installs its own bundled agent into the selected project and starts a local orchestration server with agent, terminal, and user-script capabilities.
Decision evidence
public snapshot- `server/index.js` invokes bundled-agent installation at CLI server startup.
- `server/utils/install-builtin-agents.js` copies package agents into `<project>/.khabot/agents/`.
- `built-in-agents/studio-assistant/tools/.shared/remote.js` exposes remote-method execution to the installed agent.
- `built-in-element-apps/script-node/backend.js` executes user-configured code with `new Function` and `require`.
- `server/utils/terminal-manager.js` creates interactive PTYs with the inherited environment.
- `package.json` has no preinstall, install, or postinstall hook.
- Registry access in `bin/khabot-studio.js` occurs only for explicit `--check-for-update`.
- Configured KhaBot traffic defaults to localhost in `server/utils/config.js`.
- No inspected source exfiltrates credentials or targets external credential/config paths.
- The large worker is UTF-8 JavaScript and the WOFF2 artifact is a normal web font.
Source & flagged code
5 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
built-in-element-apps/script-node/backend.jsView on unpkg · L28Package source references dynamic require/import behavior.
bin/khabot-studio.jsView on unpkg · L3Package ships high-entropy non-source blobs.
nuxt-app/.output/public/_nuxt/materialdesignicons-webfont.Dp5v-WZN.woff2View on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
nuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.jsView on unpkgPackage contains source files above the static scanner size ceiling.
nuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.jsView on unpkg