registry  /  @hachej/boring-workspace  /  0.1.62

@hachej/boring-workspace@0.1.62

Workspace UI, plugin, and bridge package for composing chat, files, catalogs, editors, and app-specific panes.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is established. At runtime, this is an agent-workspace plugin loader that discovers configured `.pi` extensions and imports their server modules.

Static reason
No blocking static signals were detected.
Trigger
Host application creates a workspace agent server or reloads configured external plugins.
Impact
A trusted host configuration can cause plugin code to execute; the reviewed package itself does not silently install or mutate foreign agent controls.
Mechanism
Runtime loading of package-owned/external agent plugins and configurable bridge HTTP requests.
Rationale
The source implements a real agent-extension loading capability, but its activation is host/runtime configuration driven and no concrete malicious behavior was found. Flag as a guarded lifecycle risk rather than malicious.
Evidence
package.jsondist/app-server.jsdist/server.jsdist/bridge-client.js

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/app-server.js` discovers external `.pi` plugin directories and settings, including `~/.pi/agent`.
  • `dist/server.js` dynamically imports configured plugin server paths for hot reload.
  • `dist/server.js` writes only plugin-local `.boring-signature.json` and `.error` state.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • No child-process execution, credential harvesting, or hard-coded third-party exfiltration endpoint was found.
  • Bridge token refresh in `dist/bridge-client.js` uses caller-provided environment URL/token configuration.
  • Plugin path handling includes containment checks and rejects unsafe relative package paths.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 1.09 MB of source, external domains: github.com, html.spec.whatwg.org, react.dev, testing-library.com, testing-playground.com, workspace.local, workspace.testing

Source & flagged code

1 flagged · loading source
dist/WorkspaceProvider-kf-pjz6V.jsView file
2847} L2848: const Po = () => import("./FileTree-zGmxifl_.js").then((e) => ({ default: e.FileTree })); L2849: function Mc() {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/WorkspaceProvider-kf-pjz6V.jsView on unpkg · L2847

Findings

3 Medium4 Low
MediumDynamic Requiredist/WorkspaceProvider-kf-pjz6V.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings