AI Security Review
scanned 2h ago · by lpm-firewall-aiThe explicit dev-server command exposes project file read/write and arbitrary HTTP proxy routes. No install-time or covert execution was found.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs srt run or srt server.
Impact
A reachable untrusted client could modify project files or use the host as a network proxy.
Mechanism
Unauthenticated development server with project-file PUT and arbitrary upstream proxying.
Rationale
No malicious lifecycle, stealth, credential theft, or foreign AI-agent mutation is present. The exposed unauthenticated file-write/proxy capability is concrete enough to warn despite being package-aligned and user-invoked.
Evidence
package.jsonbin/srtsrc/main.tssrc/dev-server.tssrc/commands/server.tssrc/commands/mcp.tssrc/cache.ts
Network endpoints2
127.0.0.1:34884/__control__/__proxy__
Decision evidence
public snapshotAI called this Suspicious at 83.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- src/dev-server.ts starts an unauthenticated Bun HTTP/WebSocket server without a hostname restriction.
- src/dev-server.ts accepts PUT and writes resolved paths beneath the active project source directory.
- src/dev-server.ts proxies arbitrary x-srt-proxy-url targets with forwarded request headers.
- src/main.ts activates this only through explicit srt run/server commands.
Evidence against
- package.json has no preinstall, install, or postinstall lifecycle hooks.
- bin/srt only imports src/main.ts; import dispatches explicit CLI commands.
- No credential harvesting, foreign agent-config mutation, eval/vm, or hidden endpoint was found.
- src/commands/mcp.ts communicates only with the local 127.0.0.1 control endpoint.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
WildcardDependency
Source & flagged code
1 flagged · loading sourcesrc/dev-server.tsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @solidrt/cli@0.0.22
matchedIdentity = npm:QHNvbGlkcnQvY2xp:0.0.22
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/dev-server.tsView on unpkgFindings
1 High3 Medium3 Low
HighPrevious Version Dangerous Deltasrc/dev-server.ts
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings