registry  /  @fugood/bricks-cli  /  2.24.10

@fugood/bricks-cli@2.24.10

BRICKS CLI - Command-line interface for BRICKS Workspace API

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a bundled BRICKS CLI with explicit user commands for auth, API calls, self-update, LAN discovery, and an optional ACP bridge.

Static reason
No blocking static signals were detected.
Trigger
User runs the bricks CLI or a documented subcommand.
Impact
User-authorized interaction with BRICKS services and local desktop bridge; no unconsented install-time behavior found.
Mechanism
Documented CLI network/config operations
Rationale
Static inspection shows a product CLI with documented auth/config/network behavior and no lifecycle execution or covert credential/exfiltration path. The risky primitives are user-invoked and package-aligned, including the optional ACP bridge and updater.
Evidence
package.jsonbin/bricksbin/bricks.cmdbin/bricks.jslib/index.jslib/737.jsREADME.md~/.bricks-cli/config.json~/.bricks-project-desktop/acp.sock
Network endpoints11
display.bricks.toolsdisplay-beta.bricks.toolscontrol.bricks.toolscdn.bricks.tools/bricks-cli/releasecdn.bricks.tools/bricks-cli/betaauth0.bricks.tools/mybigday.auth0.com/activity-log-beta.bricks.toolsmedia-beta.bricks.toolslocalhost:3001localhost:19853/sse

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • CLI has user-invoked network operations for BRICKS APIs and LAN discovery in lib/index.js/lib/737.js.
  • desktop-acp-bridge can expose ~/.bricks-project-desktop/acp.sock over WebSocket when explicitly run.
  • README documents token/config storage in ~/.bricks-cli/config.json and self-update command.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • bin/bricks and bin/bricks.cmd only dispatch to bun/node bin/bricks.js; bin/bricks.js imports lib/index.js and calls run().
  • Network endpoints are BRICKS/product-aligned or documented local/LAN endpoints, not covert exfiltration hosts.
  • Token handling is documented for auth login/login-token and config storage, not install/import-time harvesting.
  • Dynamic import pattern is webpack chunk loading from local ./lib/*.js files.
  • No AI-agent control-surface writes, persistence, destructive file operations, or credential scraping found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
Manifest
NoLicense
scanned 12 file(s), 4.37 MB of source, external domains: activity-log-beta.bricks.tools, activity-log.bricks.tools, addons.mozilla.org, ai.google.dev, api.anthropic.com, api.openai.com, arxiv.org, auth0.bricks.tools, bank-beta.bricks.tools, bank.bricks.tools, chrome.google.com, commonmark.org, control.bricks.tools, crontab.guru, d1kk0369g9vrck.cloudfront.net, dev.apollodata.com, developer.android.com, display-beta.bricks.tools, display.bricks.tools, display.bricks.tw, docs.anthropic.com, echarts.apache.org, en.wikipedia.org, example.com, firebase.google.com, github.com, huggingface.co, json-schema.org, media-beta.bricks.tools, mybigday.auth0.com, openai.fm, platform.openai.com, raw.githubusercontent.com, rive.app, vocajs.com, www.openresponses.org, www.zombieprototypes.com

Source & flagged code

3 flagged · loading source
lib/886.jsView file
1export const __webpack_esm_id__=886;export const __webpack_esm_ids__=[886];export const __webpack_esm_modules__={1080:(e,t,r)=>{r.d(t,{fd:()=>o,rs:()=>n});Symbol("ZodOutput"),Symbo...
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/886.jsView on unpkg · L1
lib/index.jsView file
313} L314: `},8498:(e,t,n)=>{e.exports=(e=>{var t={};return n.d(t,e),t})({Box:()=>a.Box,Text:()=>a.Text,render:()=>a.render,useApp:()=>a.useApp,useInput:()=>a.useInput})},9354:(e,t,a)=>{a.d(t... L315: query checkWorkspaceOTP($passcode: String!) {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/index.jsView on unpkg · L313
bin/bricks.cmdView file
path = bin/bricks.cmd kind = build_helper sizeBytes = 116 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/bricks.cmdView on unpkg

Findings

2 High5 Medium6 Low
HighChild Process
HighSame File Env Network Executionlib/index.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Build Helperbin/bricks.cmd
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvallib/886.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License