registry  /  @slothfulchat/ws-tcp-proxy  /  0.4.0

@slothfulchat/ws-tcp-proxy@0.4.0

WebSocket→TCP bridge for slothfulchat-web: tunnels the browser wasm core's IMAP/SMTP (ciphertext only) and DNS. Optional chatmail-server allowlist and opt-in link-preview unfurl endpoint.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The explicit CLI starts a WebSocket TCP bridge and optional link-preview HTTP fetcher. This is an exposed network capability, not an install-time payload or covert collection path.

Static reason
No blocking static signals were detected.
Trigger
User runs `ws-tcp-proxy` / `node ws-tcp-proxy.mjs` and exposes its listening port.
Impact
If publicly exposed without an allowlist, it can be abused to reach permitted TCP destinations; explicitly enabling private unfurl access weakens SSRF protections.
Mechanism
Unauthenticated WebSocket-to-TCP proxy with optional guarded HTTP(S) metadata fetcher.
Rationale
The source is a transparent, package-aligned networking utility with no install-time execution or covert exfiltration. Its open-proxy and configurable SSRF capability remains a real deployment risk if exposed, so warn rather than block.
Evidence
package.jsonws-tcp-proxy.mjsunfurl.mjs

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `ws-tcp-proxy.mjs` starts an unauthenticated WebSocket-to-TCP bridge when its bin is run.
  • Default empty allowlist permits TCP connections to caller-supplied IPs on IMAP/SMTP ports.
  • Optional `/unfurl` fetches caller-supplied HTTP(S) URLs; `UNFURL_ALLOW_PRIVATE=1` disables private-IP blocking.
Evidence against
  • `package.json` has no lifecycle scripts; install does not execute source.
  • No credential harvesting, filesystem writes, shell execution, eval, dynamic loading, or persistence found.
  • `unfurl.mjs` guards private addresses by default, rechecks redirects, and applies timeout, size, and rate limits.
  • No hard-coded external endpoint or exfiltration behavior found.
Behavioral surface
Source
EnvironmentVarsNetworkWebSocket
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 15.1 KB of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

5 Medium
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence