AI Security Review
scanned 3h ago · by lpm-firewall-aiNo install-time or stealth attack behavior is established. At runtime, explicit MCP tool calls can create Hugging Face jobs/sandboxes and execute caller-supplied commands remotely.
Decision evidence
public snapshot- `src/sandbox-tool.ts` creates and controls authenticated Hugging Face sandbox jobs.
- `src/sandbox-tool.ts` posts user-provided commands to sandbox `/v1/exec` and supports filesystem writes.
- `src/jobs/commands/run.ts` builds user-requested Hugging Face Job specifications; `uv-utils.ts` supports inline shell execution.
- `package.json` has no preinstall, install, or postinstall lifecycle hooks.
- `src/index.ts` exports library tools without import-time execution.
- `src/network/safe-fetch.ts` validates redirects and strips sensitive headers cross-host.
- `src/network/ip-policy.ts` blocks internal/reserved addresses for external fetches.
- Observed endpoints are Hugging Face service endpoints aligned with package functionality.
Source & flagged code
3 flagged · loading source`src/sandbox-tool.ts` creates and controls authenticated Hugging Face sandbox jobs.
src/sandbox-tool.tsView on unpkg`src/sandbox-tool.ts` posts user-provided commands to sandbox `/v1/exec` and supports filesystem writes.
src/sandbox-tool.tsView on unpkg`src/jobs/commands/run.ts` builds user-requested Hugging Face Job specifications; `uv-utils.ts` supports inline shell execution.
src/jobs/commands/run.tsView on unpkg