registry  /  @frumu/tandem-panel  /  0.6.5

@frumu/tandem-panel@0.6.5

Web control center for Tandem authority-layer runtime: agents, workflows, memory, approvals, channels, and ops

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface from static source inspection. The package is a Tandem control-panel CLI/server with user-invoked setup, local service management, and configured product API proxies.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs tandem-control-panel/tandem-setup commands or starts the panel server
Impact
Creates Tandem config/state files and optional Tandem system services when explicitly requested; no unconsented install-time execution or exfiltration found
Mechanism
package-aligned control panel setup and runtime proxying
Rationale
Scanner hits map to expected control-panel behavior: child processes, local HTTP server/proxies, env/config files, and optional OS services are user-invoked and package-aligned. I found no lifecycle-triggered persistence, credential harvesting, exfiltration, remote code loading, or foreign AI-agent control-surface mutation.
Evidence
package.jsonbin/cli.jsbin/setup.jsbin/init-env.jsbin/service-runner.jslib/setup/env.jslib/setup/paths.jslib/setup/services/systemd.jslib/setup/services/launchd.jssrc/generated/agent-catalog.json
Network endpoints3
127.0.0.1:39731search.tandem.acapi.githubcopilot.com/mcp/

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall hook; only prepublishOnly build is publisher-side
    • bin/cli.js only runs user-invoked init/run/doctor/service commands
    • lib/setup/env.js writes package-owned Tandem config/state under XDG/AppData/.tandem paths
    • lib/setup/services/systemd.js and launchd.js install Tandem services only via explicit service/init command and require root
    • bin/setup.js network use proxies configured/local Tandem engine, ACA, KB, and https://search.tandem.ac endpoints
    • No writes to foreign AI-agent surfaces such as CLAUDE.md, .mcp.json, Codex/Cursor settings, or shell startup files found
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 76 file(s), 3.21 MB of source, external domains: 127.0.0.1, aistudio.google.com, api.githubcopilot.com, api.minimax.io, api.together.xyz, chatgpt.com, console.anthropic.com, console.aws.amazon.com, console.cloud.google.com, console.groq.com, console.mistral.ai, dashboard.cohere.com, docs.github.com, example.com, git-scm.com, github.com, json-schema.org, openrouter.ai, platform.openai.com, portal.azure.com, search.tandem.ac, www.apple.com, www.w3.org

    Source & flagged code

    5 flagged · loading source
    dist/assets/index-D2jasLWI.jsView file
    2import{C as e,T as t,_ as n,b as r,c as i,h as a,m as o,p as s,v as c,w as l,x as u,y as d}from"./fullcalendar-iGCACCSG.js";import{t as f}from"./preact-vendor-CW8wYfTt.js";import{a... L3: `);u=n.pop()??``;let r=``;for(let e of n)if(e.startsWith(`data:`))r+=e.slice(5).trimStart();else if(e===``&&r){let e=mn(r);e&&(yield e),r=``}}}finally{l.releaseLock()}}function hn(... L4: `)}function Yr(e){let t=String(e?.approval_id||e?.id||``),n=String(e?.run_id||``);return{request_id:t,source:`aca_external_action`,tenant:{org_id:`local`,workspace_id:`aca`},run_id...
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/assets/index-D2jasLWI.jsView on unpkg · L2
    bin/setup.jsView file
    2L3: import { spawn } from "child_process"; L4: import { createServer } from "http"; L5: import { readFileSync, existsSync, createReadStream, createWriteStream } from "fs"; ... L82: for (const [key, value] of Object.entries(parsed)) { L83: if (process.env[key] === undefined) process.env[key] = value; L84: } ... L89: const name = String(username || "").trim(); L90: if (!name) return homedir(); L91: try { L92: const passwd = readFileSync("/etc/passwd", "utf8"); L93: for (const line of passwd.split(/\r?\n/)) {
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    bin/setup.jsView on unpkg · L2
    bin/cli.jsView file
    3Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, execution+network L3: import { basename } from "path"; L4: import { spawn } from "child_process"; L5: import { fileURLToPath } from "url"; ... L23: stdio: "inherit", L24: env: process.env, L25: }); ... L33: const serviceUser = String(cli.value("service-user") || process.env.SUDO_USER || process.env.USER || "").trim(); L34: const homeDir = (await resolveUserHome(serviceUser || process.env.USER, process.platform)) || paths.home; L35: const options = { ... L118: console.log("Mobile pairing is not implemented in this build."); L119: console.log(`Control panel: http://${doctor.panelHost}:${doctor.panelPort}`); L120: console.log(`Public URL: ${doctor.panelPublicUrl || "(not configured)"}`);
    High
    Entrypoint Build Divergence

    Manifest entrypoint contains risky behavior absent from dist/build output.

    bin/cli.jsView on unpkg · L3
    dist/assets/vendor-vciVI5Np.jsView file
    156contains invisible/control Unicode U+FEFF (zero width no-break space) `};delete e.items,Object.assign(e,{type:n,source:t,end:[r]});break}default:{let r=`indent`in e?e.indent:-1,i=`end`in e&&Array.isArray(e.end)?e.end.filter(e=>e.type===`space`||e.type===`comment`||e.type===`newline`):[];for(let t of Object.ke
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    dist/assets/vendor-vciVI5Np.jsView on unpkg · L156
    bin/service-local.shView file
    path = bin/service-local.sh kind = build_helper sizeBytes = 1892 magicHex = [redacted]
    Medium
    Ships Build Helper

    Package ships non-JavaScript build or shell helper files.

    bin/service-local.shView on unpkg

    Findings

    1 Critical1 High5 Medium6 Low
    CriticalTrojan Source Unicodedist/assets/vendor-vciVI5Np.js
    HighEntrypoint Build Divergencebin/cli.js
    MediumDynamic Requiredist/assets/index-D2jasLWI.js
    MediumNetwork
    MediumEnvironment Vars
    MediumShips Build Helperbin/service-local.sh
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowWeak Cryptobin/setup.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings