registry  /  @pinfix/plugin  /  1.2.1

@pinfix/plugin@1.2.1

Visual UI annotation overlay for Claude Code-powered source editing in dev servers.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User adds the plugin and starts a Vite/Webpack/Rspack development or watch server.
Impact
A reachable or untrusted browser client could request AI-agent actions in the developer project; no install-time compromise or exfiltration endpoint is confirmed.
Mechanism
local WebSocket-to-Claude-agent bridge with automatic tool permissions
Rationale
Source inspection does not establish malicious intent or a concrete malware chain. The package nevertheless exposes a high-impact developer-agent control surface without source-visible WebSocket authentication, so it warrants a warning.
Evidence
package.jsondist/chunk-XCBM54EQ.jsdist/channel-server.jsdist/overlay.iife.global.jsREADME.mdnode_modules/.cache/pinfix/server.pid
Network endpoints1
ws://localhost:24816

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/chunk-XCBM54EQ.js` starts a local channel-server during dev/watch mode.
  • `dist/channel-server.js` forwards browser chat and source context to Claude Agent SDK with `permissionMode: "auto"`.
  • `dist/channel-server.js` creates `WebSocketServer({ port })` without source-level authentication checks.
  • The channel server writes `node_modules/.cache/pinfix/server.pid` and runs with the project cwd.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • The spawned executable is the packaged `dist/channel-server.js` via the current Node runtime.
  • Observed WebSocket URLs are localhost-only in the plugin/overlay source.
  • No HTTP fetch, credential harvesting, shell execution, dynamic code evaluation, or foreign agent-config writes were found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 405 KB of source, external domains: docs.python.org, github.com, tc39.es

Source & flagged code

2 flagged · loading source
dist/chunk-XCBM54EQ.jsView file
167// src/server.ts L168: import { spawn } from "child_process"; L169: import { existsSync, watchFile, unwatchFile, readFileSync as readFileSync2, unlinkSync } from "fs";
High
Child Process

Package source references child process execution.

dist/chunk-XCBM54EQ.jsView on unpkg · L167
29Cross-file remote execution chain: dist/chunk-XCBM54EQ.js spawns dist/overlay.iife.global.js; helper contains network access plus dynamic code execution. L29: const [filePath, query] = id.split("?", 2); L30: const params = new URLSearchParams(query || ""); L31: if (filePath.endsWith(".vue") && (params.get("lang") === "tsx" || params.get("lang") === "jsx")) { ... L167: // src/server.ts L168: import { spawn } from "child_process"; L169: import { existsSync, watchFile, unwatchFile, readFileSync as readFileSync2, unlinkSync } from "fs"; ... L176: function getRuntimeDir() { L177: return typeof __dirname === "string" ? __dirname : dirname(fileURLToPath(import.meta.url)); L178: } ... L209: env: { L210: ...process.env, L211: PINFIX_PORT: String(options.port),
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/chunk-XCBM54EQ.jsView on unpkg · L29

Findings

3 High1 Medium4 Low
HighChild Processdist/chunk-XCBM54EQ.js
HighShell
HighCross File Remote Execution Contextdist/chunk-XCBM54EQ.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings