registry  /  @frumu/tandem-panel  /  0.6.6

@frumu/tandem-panel@0.6.6

Web control center for Tandem authority-layer runtime: agents, workflows, memory, approvals, channels, and ops

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Risky primitives are package-aligned control-panel setup, optional service installation, and local Tandem API communication behind explicit CLI/runtime use.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs tandem-control-panel/tandem-setup init, service, or run commands.
Impact
Creates Tandem config/state and optional OS services for Tandem engine/control-panel; no install-time mutation or exfiltration observed.
Mechanism
Explicit Tandem env bootstrap, local panel server, and optional Tandem service registration.
Rationale
Static inspection shows a Tandem control-panel package with explicit CLI setup/service features and runtime local/configurable API calls, but no npm install-time execution, foreign AI-agent control-surface mutation, credential theft, destructive behavior, or remote payload execution. Scanner findings map to product-aligned service/runtime primitives and bundled UI/catalog data, so the package should be marked clean.
Evidence
package.jsonbin/cli.jsbin/init-env.jsbin/setup.jsbin/service-runner.jslib/setup/env.jslib/setup/services/systemd.jslib/setup/services/launchd.jsserver/routes/capabilities.jsserver/routes/knowledgebase.js~/.config/tandem/control-panel.env~/.local/share/tandem/data/config.json/etc/systemd/system/tandem-engine.service/etc/systemd/system/tandem-control-panel.service/Library/LaunchDaemons/ai.frumu.tandem.engine.plist/Library/LaunchDaemons/ai.frumu.tandem.control-panel.plist
Network endpoints4
127.0.0.1:39731127.0.0.1:39732search.tandem.actandem.ac

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Explicit CLI service install can create systemd/launchd services for Tandem components.
  • Runtime panel proxies to configured local/enterprise Tandem endpoints.
Evidence against
  • package.json has no install/postinstall/prepare hook; only prepublishOnly build hook.
  • bin/cli.js and bin/init-env.js require explicit user commands for init/service actions.
  • lib/setup/env.js writes Tandem env/config under XDG/app support paths, not foreign agent control files.
  • Service files in lib/setup/services/* are named Tandem engine/control-panel and require root/user invocation.
  • No credential harvesting or exfiltration endpoint found; token reads are for configured local Tandem APIs.
  • Generated agent/MCP catalog is product UI data, not lifecycle-planted foreign agent instructions.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 76 file(s), 3.22 MB of source, external domains: 127.0.0.1, aistudio.google.com, api.githubcopilot.com, api.minimax.io, api.together.xyz, chatgpt.com, console.anthropic.com, console.aws.amazon.com, console.cloud.google.com, console.groq.com, console.mistral.ai, dashboard.cohere.com, docs.github.com, example.com, git-scm.com, github.com, json-schema.org, openrouter.ai, platform.openai.com, portal.azure.com, search.tandem.ac, www.apple.com, www.w3.org

Source & flagged code

5 flagged · loading source
dist/assets/index-BVXQsh9I.jsView file
2import{C as e,T as t,_ as n,b as r,c as i,h as a,m as o,p as s,v as c,w as l,x as u,y as d}from"./fullcalendar-iGCACCSG.js";import{t as f}from"./preact-vendor-CW8wYfTt.js";import{a... L3: `);u=n.pop()??``;let r=``;for(let e of n)if(e.startsWith(`data:`))r+=e.slice(5).trimStart();else if(e===``&&r){let e=In(r);e&&(yield e),r=``}}}finally{l.releaseLock()}}function Ln(... L4: `)}function Di(e){let t=String(e?.approval_id||e?.id||``),n=String(e?.run_id||``);return{request_id:t,source:`aca_external_action`,tenant:{org_id:`local`,workspace_id:`aca`},run_id...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/assets/index-BVXQsh9I.jsView on unpkg · L2
bin/setup.jsView file
2L3: import { spawn } from "child_process"; L4: import { createServer } from "http"; L5: import { readFileSync, existsSync, createReadStream, createWriteStream } from "fs"; ... L82: for (const [key, value] of Object.entries(parsed)) { L83: if (process.env[key] === undefined) process.env[key] = value; L84: } ... L89: const name = String(username || "").trim(); L90: if (!name) return homedir(); L91: try { L92: const passwd = readFileSync("/etc/passwd", "utf8"); L93: for (const line of passwd.split(/\r?\n/)) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/setup.jsView on unpkg · L2
bin/cli.jsView file
3Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, execution+network L3: import { basename } from "path"; L4: import { spawn } from "child_process"; L5: import { fileURLToPath } from "url"; ... L23: stdio: "inherit", L24: env: process.env, L25: }); ... L33: const serviceUser = String(cli.value("service-user") || process.env.SUDO_USER || process.env.USER || "").trim(); L34: const homeDir = (await resolveUserHome(serviceUser || process.env.USER, process.platform)) || paths.home; L35: const options = { ... L118: console.log("Mobile pairing is not implemented in this build."); L119: console.log(`Control panel: http://${doctor.panelHost}:${doctor.panelPort}`); L120: console.log(`Public URL: ${doctor.panelPublicUrl || "(not configured)"}`);
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/cli.jsView on unpkg · L3
dist/assets/vendor-12YBvskU.jsView file
153contains invisible/control Unicode U+FEFF (zero width no-break space) `};delete e.items,Object.assign(e,{type:n,source:t,end:[r]});break}default:{let r=`indent`in e?e.indent:-1,i=`end`in e&&Array.isArray(e.end)?e.end.filter(e=>e.type===`space`||e.type===`comment`||e.type===`newline`):[];for(let t of Object.ke
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/assets/vendor-12YBvskU.jsView on unpkg · L153
bin/service-local.shView file
path = bin/service-local.sh kind = build_helper sizeBytes = 1892 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/service-local.shView on unpkg

Findings

1 Critical1 High5 Medium6 Low
CriticalTrojan Source Unicodedist/assets/vendor-12YBvskU.js
HighEntrypoint Build Divergencebin/cli.js
MediumDynamic Requiredist/assets/index-BVXQsh9I.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbin/service-local.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptobin/setup.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings