AI Security Review
scanned 2h ago · by lpm-firewall-aiRuntime MCP calls can invoke a local Deno worker to evaluate caller-provided TypeScript. This is an explicit code-execution capability rather than install-time execution, with network restricted to the configured Nirvana SDK host.
Decision evidence
public snapshot- `src/code-tool.ts` exposes an MCP `execute` tool accepting caller-supplied TypeScript.
- `src/code-tool-worker.ts` evaluates supplied code through a data-URL dynamic require.
- `src/code-tool.ts` starts a local Deno worker with inherited environment variables.
- `package.json` has no preinstall, install, postinstall, or uninstall lifecycle hook.
- `index.js` only starts the server when executed as its CLI entrypoint.
- The Deno worker restricts network access to the configured SDK API hostname.
- The worker read permission is limited to package/SDK paths; no package code writes files.
- No hardcoded exfiltration endpoint, persistence, destructive operation, or agent-config mutation was found.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
instructions.jsView on unpkg · L7Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgPackage manifest contains a dependency pinned to a remote tarball URL.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
code-tool-worker.jsView on unpkg