registry  /  arp-tui  /  0.0.2

arp-tui@0.0.2

Human-facing terminal client for Agent Relay Protocol. Tail channels and post messages from your terminal.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The CLI performs explicit OAuth login and authenticated relay communication, storing its own credentials locally.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs arp-tui login, tail, status, or logout.
Impact
User-provided or OAuth-issued tokens are sent only to the selected auth and relay services for the client’s stated functionality.
Mechanism
OAuth PKCE, configured relay REST/WebSocket access, and local credential storage.
Rationale
The scanner’s credential/network match reflects the documented authenticated terminal client workflow. Direct inspection found no install-time execution or concrete exfiltration, persistence, destructive action, or remote-code chain.
Evidence
package.jsonREADME.mddist/index.js~/.arp-tui/config.json~/.arp-tui/credentials.json
Network endpoints3
arp-relay-dev.up.railway.apparp-web-dev.up.railway.appgenerous-fish-48.clerk.accounts.dev

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js sends OAuth and relay bearer tokens over network during explicit CLI login/tail use.
  • dist/index.js stores refreshable credentials in ~/.arp-tui/credentials.json.
Evidence against
  • package.json has only prepublishOnly; no install-time lifecycle hook.
  • dist/index.js invokes child_process only to open the user-requested OAuth browser login.
  • Credential files are written atomically with mode 0600 and permission checks.
  • Network calls implement configured OAuth, relay REST, and authenticated WebSocket client behavior.
  • No eval, dynamic module loading, shell execution, payload download, or foreign agent-config writes found.
  • logout revokes tokens and removes active credentials via a tombstone record.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 96.6 KB of source, external domains: 127.0.0.1, app.example.com, arp-relay-dev.up.railway.app, arp-web-dev.up.railway.app, generous-fish-48.clerk.accounts.dev, relay.example.com, your-instance.clerk.accounts.dev

Source & flagged code

2 flagged · loading source
dist/index.jsView file
41try { L42: return JSON.parse(fs.readFileSync(file, "utf8")); L43: } catch { ... L47: function loosePermsError(p, expected) { L48: if (process.platform === "win32") return null; L49: let st; ... L63: // src/config.ts L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui"); L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json"); ... L73: var DEV_PROFILE = { L74: relayUrl: "https://arp-relay-dev.up.railway.app", L75: webUrl: "https://arp-web-dev.up.railway.app",
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.jsView on unpkg · L41
41Trigger-reachable chain: manifest.bin -> dist/index.js L41: try { L42: return JSON.parse(fs.readFileSync(file, "utf8")); L43: } catch { ... L47: function loosePermsError(p, expected) { L48: if (process.platform === "win32") return null; L49: let st; ... L63: // src/config.ts L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui"); L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json"); ... L73: var DEV_PROFILE = { L74: relayUrl: "https://arp-relay-dev.up.railway.app", L75: webUrl: "https://arp-web-dev.up.railway.app",
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L41

Findings

2 Critical3 Medium6 Low
CriticalCredential Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License