registry  /  @wolpertingerlabs/callboard  /  1.0.0-alpha.35

@wolpertingerlabs/callboard@1.0.0-alpha.35

A web-based control panel for managing Claude Code sessions, autonomous agents, and multi-agent workflows

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package provides a user-invoked local web control panel for AI agent sessions with expected daemon, filesystem, and network behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs callboard CLI or starts the server
Impact
User-authorized local service can manage sessions and restart itself; no unconsented install-time behavior found
Mechanism
local dashboard/daemon management and agent orchestration
Rationale
Static inspection found powerful primitives, but they are tied to the package's advertised local control-panel/daemon purpose and require user invocation or authenticated runtime use. No concrete malicious install/import-time execution, exfiltration, destructive behavior, or AI-agent control hijack was found.
Evidence
package.jsonbin/callboard.jsbackend/dist/index.jsbackend/dist/utils/paths.js
Network endpoints2
registry.npmjs.org/${pkgName}/latestlocalhost:${port}

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json has prepare script that builds package on local install from git/source, but not a published-package install hook.
  • bin/callboard.js starts/stops a daemon and writes pid/log/env files under DATA_DIR when user invokes CLI.
  • backend/dist/index.js exposes authenticated APIs that can restart server and operate AI agent workflows.
  • backend/dist/index.js checks npm registry and Claude CLI status at runtime, aligned with dashboard functionality.
Evidence against
  • package.json has no postinstall/install lifecycle script for npm install-time execution.
  • package files are a Claude/agent control panel; child_process use is for user-invoked CLI daemon and Claude CLI checks.
  • Network endpoints seen are package-aligned: registry.npmjs.org version check and local web server APIs.
  • No evidence of credential harvesting/exfiltration, persistence beyond documented daemon management, destructive actions, or prompt/reviewer manipulation in inspected entrypoints.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
GitDependency
scanned 165 file(s), 2.35 MB of source, external domains: 127.0.0.1, api.anthropic.com, api.openai.com, chatgpt.com, claude.ai, console.anthropic.com, developers.cloudflare.com, github.com, openrouter.ai, platform.openai.com, proxy.example.com, reactjs.org, registry.npmjs.org, support.anthropic.com, www.w3.org

Source & flagged code

1 flagged · loading source
bin/callboard.jsView file
24// Import shared path utilities from compiled backend L25: const { DATA_DIR, ENV_FILE, ensureDataDir, ensureEnvFile } = await import(join(PKG_ROOT, "backend/dist/utils/paths.js")); L26:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/callboard.jsView on unpkg · L24

Findings

5 Medium5 Low
MediumDynamic Requirebin/callboard.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumGit Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings