registry  /  @wolpertingerlabs/callboard  /  1.0.0-alpha.36

@wolpertingerlabs/callboard@1.0.0-alpha.36

A web-based control panel for managing Claude Code sessions, autonomous agents, and multi-agent workflows

AI Security Review

scanned 12d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a web control panel for AI agent sessions with expected authenticated controls for providers, plugins, tunnels, and local config.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs callboard CLI/server and uses authenticated settings or chat workflows.
Impact
Expected management of ~/.callboard config, AI provider credentials, plugin hooks, local/remote proxy settings, and session files.
Mechanism
User-configured AI agent orchestration and local daemon management
Rationale
Scanner findings map to real dual-use AI-agent control features, but source inspection shows they are user-invoked/authenticated and aligned with the package purpose. I found no unconsented lifecycle mutation, harvesting, exfiltration, staged payload, or malicious install/import-time behavior.
Evidence
package.jsonbin/callboard.jsbackend/dist/index.jsbackend/dist/services/agent-settings.jsbackend/dist/routes/agent-settings.jsbackend/dist/services/claude.jsbackend/dist/services/custom-skills-service.jsbackend/dist/utils/paths.js~/.callboard/agent-settings.json~/.callboard/custom-skills~/.callboard/.env~/.callboard/callboard.pid~/.callboard/logs/callboard.log~/.claude/projects
Network endpoints6
registry.npmjs.org/${pkgName}/latestregistry.npmjs.org/${PKG_NAME}/latestopenrouter.ai/apiopenrouter.ai/api/v1127.0.0.1:9999localhost:${port}/api/auth/check

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with high false-positive risk.
Evidence for block
  • backend/dist/services/claude.js executes plugin hook shell commands and injects MCP/plugin tools into AI sessions, but only from configured/enabled plugins.
  • backend/dist/routes/agent-settings.js can persist API keys, Codex/OpenRouter settings, tunnel settings, and caller bundles via authenticated settings endpoints.
  • backend/dist/index.js starts local drawlatch daemon/web tunnel and exposes restart/status endpoints after auth.
Evidence against
  • package.json lifecycle scripts are build/test/lint/publish checks; no install-time credential harvesting or payload execution found.
  • bin/callboard.js is a user-invoked daemon CLI; dynamic imports load local backend utilities and server entrypoints.
  • backend/dist/services/agent-settings.js OpenRouter/Codex env overrides are package-aligned settings for routing AI providers, not forced exfiltration.
  • Network endpoints are expected product endpoints: npm version check, localhost health/proxy, OpenRouter, Cloudflare tunnel, and user-configured proxy URLs.
  • Custom skills in backend/dist/services/custom-skills-service.js are user-created under ~/.callboard and injected only when present.
  • No source evidence of prompt/reviewer manipulation, persistence outside app config, destructive lifecycle behavior, or credential exfiltration.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
GitDependency
scanned 165 file(s), 2.36 MB of source, external domains: 127.0.0.1, api.anthropic.com, api.openai.com, chatgpt.com, claude.ai, console.anthropic.com, developers.cloudflare.com, github.com, openrouter.ai, platform.openai.com, proxy.example.com, reactjs.org, registry.npmjs.org, support.anthropic.com, www.w3.org

Source & flagged code

2 flagged · loading source
bin/callboard.jsView file
24// Import shared path utilities from compiled backend L25: const { DATA_DIR, ENV_FILE, ensureDataDir, ensureEnvFile } = await import(join(PKG_ROOT, "backend/dist/utils/paths.js")); L26:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/callboard.jsView on unpkg · L24
backend/dist/services/agent-settings.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @wolpertingerlabs/callboard@1.0.0-alpha.35 matchedIdentity = npm:[redacted]:1.0.0-alpha.35 similarity = 0.975 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

backend/dist/services/agent-settings.jsView on unpkg

Findings

1 Critical5 Medium5 Low
CriticalPrevious Version Dangerous Deltabackend/dist/services/agent-settings.js
MediumDynamic Requirebin/callboard.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumGit Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings