registry  /  @talocode/codra-code  /  0.2.5

@talocode/codra-code@0.2.5

A local-first, open-source coding agent for real software work.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

A packaged standalone auth server exposes a privileged backend credential in source. If executed directly, it runs a local device-auth API with an approval path that does not authenticate the approver. No default install-time or CLI-import execution reaches this module.

Static reason
One or more suspicious static signals were detected.
Trigger
Direct execution of `dist/auth/auth-server.js`; the credential is also exposed to any package reader.
Impact
Backend compromise risk and unauthorized device-token approval if the module is run.
Mechanism
Hard-coded privileged Supabase credential plus weak local device-approval API
Rationale
No concrete malicious execution, exfiltration, lifecycle persistence, or foreign AI-agent control-surface mutation was found. The exposed privileged credential and directly executable weak auth server warrant a warning as a critical vulnerability.
Evidence
package.jsondist/index.jsdist/auth/auth-server.jsdist/telemetry.jsdist/security/redact.js
Network endpoints1
qmxhcjiryoptyzpmysen.supabase.co

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • `dist/auth/auth-server.js` embeds a Supabase service-role credential.
  • The same module starts an unauthenticated local auth API and approves any pending device code.
  • `dist/auth/auth-server.js` is unreferenced by the normal CLI entrypoint, so no automatic trigger was found.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • `dist/index.js` only starts the CLI after user invocation; it does not import `auth-server.js`.
  • `dist/telemetry.js` sends limited version/platform telemetry, not harvested credentials.
  • `dist/security/redact.js` and command handlers include secret-file and content-redaction safeguards.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 83 file(s), 204 KB of source, external domains: api.openai.com, qmxhcjiryoptyzpmysen.supabase.co, tera-api-v01.netlify.app, teraai.chat

Source & flagged code

2 flagged · loading source
dist/auth/auth-server.jsView file
5patternName = supabase_service_key severity = critical line = 5 matchedText = const su...ok';
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/auth/auth-server.jsView on unpkg · L5
5patternName = supabase_service_key severity = critical line = 5 matchedText = const su...ok';
Critical
Secret Pattern

Supabase service role key (JWT) in dist/auth/auth-server.js

dist/auth/auth-server.jsView on unpkg · L5

Findings

2 Critical2 Medium5 Low
CriticalCritical Secretdist/auth/auth-server.js
CriticalSecret Patterndist/auth/auth-server.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings