AI Security Review
scanned 2h ago · by lpm-firewall-aiThe SDK can connect to an integrator-configured Socket.IO server and dispatch commands. Optional helpers can execute shell commands or dynamically evaluate plugin source, creating a remote-code-execution capability when enabled by the consumer.
Decision evidence
public snapshot- `dist/index.cjs` PluginLoader executes `plugin.code` with `new Function` when `allowDynamic` is enabled.
- `dist/index.cjs` exposes `shell:exec`, which runs supplied commands via `child_process.exec` when explicitly enabled.
- `dist/index.cjs` includes remote-facing process kill/restart, file, system, and screen-capture handler factories.
- `package.json` has no preinstall, install, postinstall, or executable bin hook.
- Importing `dist/index.cjs` only defines exports; network connection starts only after `RemoteKitClient.start()`.
- Socket endpoint and authentication token are caller-supplied; no hard-coded external command-and-control host was found.
- Dynamic plugins and shell execution are disabled unless the integrator opts in and registers/uses them.
Source & flagged code
4 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L57Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L778Package source references dynamic require/import behavior.
dist/chunk-K2EJONCQ.jsView on unpkg · L221