AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network and filesystem behavior is aligned with a database studio library: user-invoked DB connections, optional SSH tunnel, optional LLM provider calls, and SQLite file creation for configured DB paths.
Decision evidence
public snapshot- Database/LLM package can connect to user-configured DBs and LLM APIs at runtime.
- SQLite provider creates directories for the user-specified database path.
- package.json has no install/postinstall/preinstall hooks; prepublishOnly is publisher-only.
- dist/index.js only re-exports bundled providers/components.
- dist/chunk-ZOZ6ZI3L.js creates DB/SSH/LLM providers only when called by consumers.
- dist/chunk-CVK3CTLF.js reads LLM_* env vars and masks apiKey in logging.
- dist/openai-NKS4RCTB.js and custom provider send API keys only as Authorization to configured LLM endpoint.
- No AI-agent control-surface writes, lifecycle persistence, credential harvesting, or exfiltration code found.
Source & flagged code
8 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/chunk-AXBPQRG7.jsView on unpkg · L1057OpenSSH private key in dist/chunk-AXBPQRG7.js
dist/chunk-AXBPQRG7.jsView on unpkg · L1189RSA private key in dist/chunk-AXFO3IQH.mjs
dist/chunk-AXFO3IQH.mjsView on unpkg · L1036OpenSSH private key in dist/chunk-AXFO3IQH.mjs
dist/chunk-AXFO3IQH.mjsView on unpkg · L1168