AI Security Review
scanned 2h ago · by lpm-firewall-aiThe runtime AMQP worker accepts messages on the `functions` routing key and compiles an attacker-supplied function body. Any actor able to publish to the configured AMQP exchange can execute JavaScript in the server process.
Decision evidence
public snapshot- `utils/jobs-worker-queue-manager/queueManagerClassV2.js` binds AMQP routing key `functions`.
- AMQP message field `fdata.function` is executed with `new Function` without validation.
- The consumer starts through `JobManagerV2.connectAndStartWorker`, creating a runtime RCE capability for AMQP publishers.
- `package.json` has guarded preinstall that writes package-local `.npmrc` when enterprise mode is explicitly enabled.
- No source evidence of credential harvesting, filesystem discovery, exfiltration, or AI-agent control-surface mutation.
- `bin/www` is a conventional HTTP server entrypoint; it does not execute shell commands or remote payloads.
- The preinstall hook is conditional on `ENABLE_ENTERPRISE_MODULE` and only configures npm registry authentication.
- Observed HTTP integrations are service functionality, including configured chatbot training and webhook endpoints.
Source & flagged code
39 flagged · loading sourceTarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
docs/api-dev.mdView on unpkg · L49Package source references a known benign dynamic code generation pattern.
utils/jobs-worker-queue-manager/queueManagerClassV2.jsView on unpkg · L270Package source references dynamic require/import behavior.
middleware/noentitycheck.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
channels/chat21/chat21WebHook.jsView on unpkgHardcoded password in pubmodules/cache/mongoose-cachegoose-fn.js
pubmodules/cache/mongoose-cachegoose-fn.jsView on unpkg · L943Hardcoded password in pubmodules/cache/mongoose-cachegoose-fn.js
pubmodules/cache/mongoose-cachegoose-fn.jsView on unpkg · L945Hardcoded password in pubmodules/cache/mongoose-cachegoose-fn.js
pubmodules/cache/mongoose-cachegoose-fn.jsView on unpkg · L946Hardcoded password in pubmodules/sms/listener.js
pubmodules/sms/listener.jsView on unpkg · L26Hardcoded password in pubmodules/voice-twilio/listener.js
pubmodules/voice-twilio/listener.jsView on unpkg · L23Hardcoded password in pubmodules/voice/listener.js
pubmodules/voice/listener.jsView on unpkg · L32Hardcoded password in pubmodules/tilebot/listener.js
pubmodules/tilebot/listener.jsView on unpkg · L42Hardcoded password in pubmodules/whatsapp/listener.js
pubmodules/whatsapp/listener.jsView on unpkg · L26Hardcoded password in test/authentication.js
test/authentication.jsView on unpkg · L159Hardcoded password in test/authentication.js
test/authentication.jsView on unpkg · L208Hardcoded password in test/authentication.js
test/authentication.jsView on unpkg · L235Hardcoded password in test/authentication.js
test/authentication.jsView on unpkg · L259RSA private key in services/emailService.js
services/emailService.jsView on unpkg · L266