AI Security Review
scanned 2h ago · by lpm-firewall-aiThis is an explicit MCP browser-validation and project-repair tool, not an install-time payload. A connected MCP client can invoke browser JavaScript evaluation, target-site requests, project-file edits, and arbitrary shell commands through `atl_fix`.
Decision evidence
public snapshot- `handlers/atl.js` runs arbitrary caller-provided shell commands via `execSync` when `atl_fix` uses `fixType: command`.
- `handlers/browser.js` exposes `browser_eval`, evaluating caller-provided JavaScript in the active browser page.
- `server.js` HTTP mode accepts unauthenticated MCP requests when `MCP_API_KEY` is unset and listens without an explicit loopback host.
- `server.js` begins with repeated U+FEFF bytes; abnormal formatting but no hidden executable branch was found.
- `package.json` has no `preinstall`, `install`, or `postinstall`; `prepublishOnly` runs only during publishing.
- `bin/validpilot.js` starts services and browser actions only after explicit CLI commands.
- Network fetches target user-supplied validation URLs; no package-controlled credential-exfiltration endpoint was found.
- `core/redaction.js` redacts common secret-bearing fields before reported output.
Source & flagged code
7 flagged · loading sourcePackage contains a possible secret pattern.
hands/deep_interactor.jsView on unpkg · L190Package source references child process execution.
core/win-encoding.jsView on unpkg · L15Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
server.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
server.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/validpilot.jsView on unpkg · L5