AI Security Review
scanned 12d ago · by lpm-firewall-aiThe package is a large user-invoked installer for SiteDesk/Claude-based local services. It has powerful, package-aligned system and AI-agent configuration behavior, but no confirmed malicious attack surface from source inspection.
Decision evidence
public snapshot- dist/permissions-seed.js seeds brand-scoped Claude settings with defaultMode=bypassPermissions and Cloudflare token autoMode allowances.
- dist/index.js user-invoked bin performs privileged installer actions: apt/brew/npm installs, systemd/launchd setup, cron/service changes, and local payload deployment.
- payload/platform/plugins/admin/mcp/dist/index.js exposes admin MCP tools for local system/account administration when platform runs.
- package.json has no install/postinstall hook; only prepublishOnly runs during publishing, not consumer install.
- dist/index.js dangerous operations are activated by running the documented create-sitedesk-code installer bin, not import-time execution.
- Network endpoints are installer-aligned dependency/service endpoints: npm registry, GitHub plugin marketplaces, Google/Neo4j apt repos, localhost services, Cloudflare provisioning described in config.
- Secrets generated/read are local platform credentials such as Neo4j/admin/Cloudflare tokens and are written under the brand install/config paths with redaction comments.
- No evidence of credential harvesting, arbitrary remote payload execution beyond package-manager installs, persistence outside declared service installation, or exfiltration to attacker infrastructure.
Source & flagged code
20 flagged · loading sourcePackage contains a possible secret pattern.
payload/platform/scripts/smoke-boot-services.shView on unpkg · L317A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/index.jsView on unpkg · L134Source downloads or fetches remote code and executes it.
dist/index.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L1Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L1066Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView on unpkgPackage ships non-JavaScript build or shell helper files.
payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView on unpkgPackage ships high-entropy non-source blobs.
payload/server/public/assets/cormorant-latin-ext-500-normal-AH9qog1s.woff2View on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
payload/platform/plugins/admin/mcp/dist/index.jsView on unpkgHardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.jsView on unpkg · L52Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L28Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L43Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L57Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L127Hardcoded password in payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.ts
payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.tsView on unpkg · L73