registry  /  @mrpatronz/nexusflow  /  0.2.19

@mrpatronz/nexusflow@0.2.19

Combine multiple repos into a workspace with rich AI assistant context

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malware behavior was found, but the local dashboard exposes dangerous update and execution endpoints. A malicious website or local process may be able to abuse the CORS-enabled localhost API while the UI server is running.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs nexusflow ui/dashboard or activates the VS Code extension, then an HTTP client calls local /api endpoints.
Impact
Potential local remote code execution or unwanted global package updates through the dashboard server, especially on Windows installer apply.
Mechanism
Unauthenticated localhost API can download and execute updater payloads or run fixed package-manager/assistant commands.
Attack narrative
The package does not execute malicious behavior at install or import. The main risk is a local dashboard started by user action; its CORS-enabled API includes endpoints that can fetch an arbitrary URL into a temp installer path and later spawn that file silently on Windows, plus endpoints that run fixed update and AI-assistant commands.
Rationale
Static inspection supports a serious local API RCE/update vulnerability rather than a deliberate malware campaign: dangerous behavior is user/runtime exposed, package-aligned, and not hidden in lifecycle hooks. Because the unauthenticated CORS-enabled server can execute downloaded updater payloads, warning is warranted even without proof of malicious intent.
Evidence
package.jsondist/index.jsdist/server.jsdist/utils/update-check.jsdist/core/plugins/loader.jsdist/commands/mcp.jsextension/src/extension.ts~/.nexusflow/config.jsonos.tmpdir()/NexusFlowSetup_Update.exeworkspace/nexusflow-knowledge.mdAI/editor MCP config files under user home
Network endpoints5
api.github.com/repos/antan87/NexusFlow/releases/latestregistry.npmjs.org/${t.npmPackage}/latestcaller-supplied downloadUrllocalhost:3000/api/configlocalhost:3000

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • dist/server.js exposes unauthenticated local API with broad CORS on /api/*
  • dist/server.js /api/updates/download fetches caller-supplied downloadUrl to temp NexusFlowSetup_Update.exe
  • dist/server.js /api/updates/apply spawns the downloaded installer silently on Windows
  • dist/server.js /api/updates/install runs fixed npm/agy update commands from local API
  • dist/server.js /api/workflows/templates/:id/analyze executes detected AI assistant CLI with user-supplied prompt content
Evidence against
  • package.json has no install/postinstall lifecycle hook; prepublishOnly is publish-time build only
  • dist/index.js only bootstraps commander commands and user-configured plugins
  • dist/utils/update-check.js contacts GitHub/npm for update status and prints an install suggestion; no automatic install there
  • dist/core/plugins/loader.js imports only paths listed in user config.plugins
  • extension/src/extension.ts starts local UI server and runs bounded NexusFlow commands from its own webview buttons
  • No credential harvesting or external exfiltration endpoint found in inspected source
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 216 file(s), 1.83 MB of source, external domains: 127.0.0.1, api.github.com, github.com, malicious-external-domain.com, nodejs.org, react.dev, reactrouter.com, registry.npmjs.org, unsafe-domain.com, www.w3.org

Source & flagged code

6 flagged · loading source
extension/src/extension.tsView file
2import * as http from 'http'; L3: import * as child_process from 'child_process'; L4: import * as path from 'path';
High
Child Process

Package source references child process execution.

extension/src/extension.tsView on unpkg · L2
dist/core/graph.jsView file
2import * as path from 'node:path'; L3: import { execa } from 'execa'; L4: /**
High
Shell

Package source references shell execution.

dist/core/graph.jsView on unpkg · L2
dist/core/plugins/loader.jsView file
19const fileUrl = resolvedPath.startsWith('file://') ? resolvedPath : `file:///${resolvedPath.replace(/\\/g, '/')}`; L20: const module = await import(fileUrl); L21: const plugin = module.default || module.plugin;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/core/plugins/loader.jsView on unpkg · L19
dist/utils/update-check.jsView file
10/** L11: * Resolves the current package version by searching for package.json upward L12: * from the directory of the executing code. ... L16: const __filename = fileURLToPath(import.meta.url); L17: const __dirname = path.dirname(__filename); L18: let currentDir = __dirname; ... L21: if (fs.existsSync(packageJsonPath)) { L22: const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8')); L23: return pkg.version; ... L59: try { L60: const response = await fetch('https://api.github.[redacted]', { L61: headers: { 'User-Agent': 'NexusFlow-Updater' },
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/utils/update-check.jsView on unpkg · L10
130const msg = `Update available: ${chalk.red(status.currentVersion)} → ${chalk.green(status.latestVersion)}`; L131: const runMsg = `Run ${chalk.cyan('npm install -g @mrpatronz/nexusflow')} to update!`; L132: const cleanMsg = `Update available: ${status.currentVersion} → ${status.latestVersion}`; ... L144: } L145: import { execa } from 'execa'; L146: export async function getToolsStatus(force = false) {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/utils/update-check.jsView on unpkg · L130
dist/server.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @mrpatronz/nexusflow@0.2.18 matchedIdentity = npm:QG1ycGF0cm9uei9uZXh1c2Zsb3c:0.2.18 similarity = 0.875 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/server.jsView on unpkg

Findings

1 Critical4 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/server.js
HighChild Processextension/src/extension.ts
HighShelldist/core/graph.js
HighSandbox Evasion Gated Capabilitydist/utils/update-check.js
HighRuntime Package Installdist/utils/update-check.js
MediumDynamic Requiredist/core/plugins/loader.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings