AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Risky primitives are explicit project tooling for barrel generation, PDF worker copying, and page generation, not install-time or import-time behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user invocation of package CLI helper functions/commands.
Impact
Can modify expected project output files when invoked; no evidence of unauthorized exfiltration, persistence, or hidden execution.
Mechanism
User-invoked filesystem generation and barrelsby execution.
Rationale
Read-only source inspection shows the scanner findings correspond to explicit CLI/dev tooling and app-aligned frontend API/cache/auth utilities. There is no lifecycle hook, import-time execution, credential harvesting, hardcoded exfiltration endpoint, persistence, or destructive action indicating malware.
Evidence
package.jsondist/index.jsdist/commands/cli.jsdist/commands/blueprint.jsdist/commands/use-pdf.jsdist/api/api.jsdist/auth/auth.jsdist/encryption/encryption.jsdist/cavity/cavity.jsbarrels.jsonpublic/pdf.worker.min.mjsblueprints/*.blueprint.jsonutils/commands/stubs/table-blueprint.stubapp/<route>/page.tsx
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/commands/cli.js can run `npx barrelsby -c barrels.json` from the caller cwd when CLI commands are invoked.
- dist/commands/blueprint.js writes generated `app/<route>/page.tsx` files from local blueprint config when invoked.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks and no bin entry.
- dist/index.js only re-exports library modules; it does not import the CLI command runner.
- dist/api/api.js uses axios against caller-provided url or NEXT_PUBLIC_API_HOST; no hardcoded exfiltration endpoint.
- dist/auth/auth.js and dist/encryption/encryption.js use public app env vars for app auth/cookie helpers, not secret harvesting.
- dist/cavity/cavity.js uses IndexedDB and an app-registered socket for cache invalidation; no external host is hardcoded.
- No persistence, destructive behavior, credential file reads, dynamic eval, native loading, or AI-agent control-surface writes found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
NoLicense
Source & flagged code
2 flagged · loading sourcedist/commands/cli.jsView file
6import path from "path";
L7: import { exec, execSync } from "child_process";
L8: // =====================================>
High
Child Process
Package source references child process execution.
dist/commands/cli.jsView on unpkg · L640try {
L41: execSync("npx barrelsby -c barrels.json", { cwd: rootDir, stdio: "inherit" });
L42: logger.info("Barrels successfully generated!");
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/commands/cli.jsView on unpkg · L40Findings
3 High2 Medium3 Low
HighChild Processdist/commands/cli.js
HighShell
HighRuntime Package Installdist/commands/cli.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License