registry  /  accelr8  /  3.7.1

accelr8@3.7.1

Collaborative ascii canvas in your terminal. Real multiplayer, live cursors, mouse-driven TUI.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package provides an opt-in, package-owned AI chat-agent feature. It persists user-supplied/provider-env credentials locally and sends room chat context to the selected provider; Claude Code use is constrained to plan mode with operational tools disabled. No unconsented install-time or foreign-agent control-surface mutation is established.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `accelr8 agent add`, attaches that account to a room, and an agent invocation occurs; update and ffmpeg installs require interactive UI actions.
Impact
A configured user account can transmit shared room chat context to OpenAI or Anthropic and may invoke the local Claude CLI in restricted chat-only mode.
Mechanism
Explicit local agent credential setup and provider-backed chat execution.
Rationale
The static malicious label is not supported by source inspection. The package has an opt-in first-party agent integration with credential persistence and provider network calls, so it should warn rather than block.
Evidence
package.jsondist/cli.jsdist/chunks/agentcli-ZI2O7ID7.jsdist/chunks/chunk-3JNUWI22.jsdist/chunks/client-OIVTEENE.jsdist/chunks/update-UEPNGB6Y.js~/.accelr8/accounts.json~/.accelr8/agent-tokens.json~/.accelr8/update-check.json~/.accelr8/identity.json~/.accelr8/settings.json~/.accelr8/server-data.json
Network endpoints5
wss://accelr8-canvas.patonchain.workers.devregistry.npmjs.org/accelr8/latestapi.anthropic.com/v1/messagesapi.openai.com/v1/chat/completionsaccelr8-canvas.patonchain.workers.dev/audio/flim.mp3

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/cli.js` exposes explicit `agent` and `radio` commands.
  • `dist/chunks/agentcli-ZI2O7ID7.js` prompts for provider credentials only under `accelr8 agent add`.
  • `dist/chunks/chunk-3JNUWI22.js` stores accounts/tokens in `~/.accelr8` with 0600 permissions.
  • `dist/chunks/chunk-3JNUWI22.js` sends configured chat context to OpenAI/Anthropic APIs.
  • `dist/chunks/chunk-3JNUWI22.js` can spawn the local `claude` CLI, but fixes plan mode and disallows file, shell, web, and task tools.
  • `dist/chunks/update-UEPNGB6Y.js` can run global npm update only from the interactive client update action.
Evidence against
  • `package.json` has only `prepublishOnly`; there is no install-time lifecycle hook.
  • No source writes foreign AI-agent configuration or broad control surfaces.
  • No credential harvesting beyond explicitly entered or named provider env keys.
  • No arbitrary shell command or remote payload execution was found.
  • Network use is package-aligned: collaboration WebSocket, provider APIs, npm update check, and radio media.
  • Package writes are scoped to `~/.accelr8` state, credentials, logs, and local server data.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 990 KB of source, external domains: accelr8-canvas.patonchain.workers.dev, api.anthropic.com, api.openai.com, registry.npmjs.org

Source & flagged code

5 flagged · loading source
dist/chunks/app-EOVXVIEE.jsView file
matchType = previous_version_dangerous_delta matchedPackage = accelr8@3.7.0 matchedIdentity = npm:YWNjZWxyOA:3.7.0 similarity = 0.900 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunks/app-EOVXVIEE.jsView on unpkg
15// src/radio/asciivideo.ts L16: import { spawn } from "node:child_process"; L17: var RAMPS = {
High
Child Process

Package source references child process execution.

dist/chunks/app-EOVXVIEE.jsView on unpkg · L15
dist/chunks/client-OIVTEENE.jsView file
875{ file: "konsole", mk: (c) => ["-e", "sh", "-c", c] }, L876: { file: "xfce4-terminal", mk: (c) => ["-e", `sh -c '${c}'`] }, L877: { file: "alacritty", mk: (c) => ["-e", "sh", "-c", c] },
High
Shell

Package source references shell execution.

dist/chunks/client-OIVTEENE.jsView on unpkg · L875
848// src/radio/launch.ts L849: import { spawn } from "node:child_process"; L850: import path from "node:path"; ... L855: const repo = path.resolve(path.dirname(entry), ".."); L856: return `cd '${repo}' && npx tsx '${entry}' radio`; L857: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/chunks/client-OIVTEENE.jsView on unpkg · L848
dist/chunks/chunk-3JNUWI22.jsView file
135const a = process.env.ANTHROPIC_API_KEY?.trim(); L136: const o = process.env.OPENAI_API_KEY?.trim(); L137: if (a) out.anthropic = a; ... L148: // src/executor.ts L149: import { spawn } from "node:child_process"; L150: var ANTHROPIC_VERSION = "2023-06-01"; L151: var ANTHROPIC_BASE = "https://api.anthropic.com"; L152: var OPENAI_BASE = "https://api.openai.com";
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/chunks/chunk-3JNUWI22.jsView on unpkg · L135

Findings

1 Critical4 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/chunks/app-EOVXVIEE.js
HighChild Processdist/chunks/app-EOVXVIEE.js
HighShelldist/chunks/client-OIVTEENE.js
HighSame File Env Network Executiondist/chunks/chunk-3JNUWI22.js
HighRuntime Package Installdist/chunks/client-OIVTEENE.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings