AI Security Review
scanned 5h ago · by lpm-firewall-aiNo confirmed malicious attack surface from static source inspection. The package is a user-invoked MCP/database safety runner with local servers, config generation, database access, and writeback utilities gated by CLI commands, config, env vars, and approvals.
Decision evidence
public snapshot- package.json has no preinstall/install/postinstall hooks; only bin dist/cli.js and build/prepack/test scripts.
- dist/cli.js only checks Node version and spawns bundled dist/runner.mjs with inherited stdio/env when user runs the CLI.
- dist/runner.mjs HTTP/MCP listeners default to 127.0.0.1 and require bearer token env unless explicit localhost dev-no-auth is used.
- MCP client config writes occur only via explicit mcp configure --write with destination and confirmation/--yes; no install-time agent config mutation.
- Network calls are package-aligned: configured cloud baseUrl, local MCP/UI servers, user-supplied audit/webhook/handler URLs.
- Secret handling is defensive: config validation rejects inline secrets/URLs in contracts and persistence paths redact/refuse secret-like values.
Source & flagged code
7 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/runner.mjsView on unpkgSource launches a detached bundled service that exposes a broad-bound HTTP listener.
dist/runner.mjsView on unpkg · L4Package source references dynamic require/import behavior.
dist/runner.mjsView on unpkg · L10166Package source references a known benign dynamic code generation pattern.
dist/runner.mjsView on unpkg · L10166Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
examples/openai-agents-http/MakefileView on unpkg