registry  /  @kafe.studio/cloudflare  /  0.29.0

@kafe.studio/cloudflare@0.29.0

Cloudflare adapters for KafeCMS - D1, R2, Access, and Worker Loader sandbox

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime network activity is limited to configured Cloudflare services and an opt-in plugin sandbox includes SSRF and credential-redirect controls.

Static reason
One or more suspicious static signals were detected.
Trigger
Consumer configures Cloudflare media/auth services or explicitly enables the sandbox runner for plugin code.
Impact
Expected application operations only; no unconsented install-time mutation, credential harvesting, or remote payload chain found.
Mechanism
Cloudflare Worker adapters, authenticated service API calls, and capability-scoped sandbox plugin execution.
Rationale
Static hints arise from normal Cloudflare API use and a sandbox's defensive metadata-address blocking. Source inspection found no lifecycle execution or concrete malicious behavior.
Evidence
package.jsonsrc/sandbox/runner.tssrc/sandbox/bridge-http.tssrc/media/images-runtime.tssrc/media/stream-runtime.tssrc/auth/cloudflare-access.ts
Network endpoints4
api.cloudflare.com/client/v4/accounts/{accountId}/images/v1{teamDomain}/cdn-cgi/access/certs{teamDomain}/cdn-cgi/access/get-identityimagedelivery.net

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `src/sandbox/runner.ts` loads caller-supplied plugin bundles only through configured Cloudflare Worker Loader.
  • `src/media/images-runtime.ts` and `src/media/stream-runtime.ts` send configured Cloudflare API bearer tokens with service requests.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • No Node filesystem, child-process, eval, VM, native-binary, or shell execution was found in source.
  • `src/sandbox/bridge-http.ts` blocks localhost, cloud-metadata hosts, private/link-local IPs, unsafe schemes, and unsafe redirects.
  • Media requests target Cloudflare Images/Stream APIs constructed from explicit provider configuration.
  • `src/auth/cloudflare-access.ts` uses the configured Access team domain for JWKS and identity validation.
  • No source writes AI-agent configuration, persists outside Cloudflare bindings, or exfiltrates unrelated environment data.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 69 file(s), 517 KB of source, external domains: api.cloudflare.com, imagedelivery.net, www.w3.org

Source & flagged code

2 flagged · loading source
dist/runner-5lTuEoEo.mjsView file
22* plugins can't be tricked into reaching cloud-metadata endpoints or L23: * literal private IPs even without an explicit allowlist. L24: */ ... L163: */ L164: async function sandboxHttpFetch(url, init, options) { L165: const { capabilities, allowedHosts } = options; ... L189: headers, L190: text: await response.text() L191: }; ... L330: parentId: columnNullableString(row.parent_id), L331: data: columnJsonObject(row.data), L332: locale: columnString(row.locale),
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/runner-5lTuEoEo.mjsView on unpkg · L22
dist/db/playground-middleware.mjsView file
713package = @kafe.studio/cloudflare; repositoryIdentity = kafecms; dependency = kafecms L713: const { loadSeed } = await import("kafecms/seed"); L714: const { applySeed } = await import("kafecms"); L715: const seedResult = await applySeed(db, await loadSeed(), {
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/db/playground-middleware.mjsView on unpkg · L713

Findings

2 High3 Medium4 Low
HighCloud Metadata Accessdist/runner-5lTuEoEo.mjs
HighCopied Package Dependency Bridgedist/db/playground-middleware.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings