AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface: risky primitives are user-invoked developer-tool features for creating multi-repo AI workspaces and optional MCP setup. There is no install-time or import-time mutation of foreign AI-agent control surfaces.
Decision evidence
public snapshot- dist/commands/mcp.js can update user AI MCP configs, but only via explicit `nexusflow mcp setup`.
- dist/core/plugins/loader.js dynamically imports configured plugin paths at CLI runtime.
- dist/server.js exposes local GUI routes that can spawn allowed editors/services and delete workspaces.
- package.json has no install/postinstall/prepare hook; only prepublishOnly build.
- dist/index.js only registers CLI commands and skips update checks for MCP stdio mode.
- dist/core/workspace.js writes `.cursor/mcp.json`, `AGENTS.md`, `CLAUDE.md`, and skills inside NexusFlow workspaces, aligned with package purpose.
- dist/commands/mcp.js writes known MCP config paths only when the setup command is invoked, not during install/import.
- dist/utils/update-check.js fetches GitHub/npm version metadata and prints install instructions; it does not execute npm install.
- dist/server.js restricts CORS to localhost and validates editor command names/path containment for sensitive routes.
Source & flagged code
7 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/server.jsView on unpkgPackage source references dynamic require/import behavior.
dist/core/plugins/loader.jsView on unpkg · L19Package source references weak cryptographic algorithms.
dist/core/analysis-cache.jsView on unpkg · L11Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils/update-check.jsView on unpkg · L10Package source invokes a package manager install command at runtime.
dist/utils/update-check.jsView on unpkg · L130