AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The user-invoked CLI performs OAuth and connects to its configured relay, storing its own credentials locally with restrictive permissions.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit arp-tui login, tail, status, or profile command
Impact
No concrete exfiltration, persistence, destructive action, or foreign control-surface mutation established.
Mechanism
User-authorized OAuth credential handling and ARP relay REST/WebSocket communication
Rationale
The scanner’s credential/network indicators correspond to documented OAuth and relay-client functionality. Source inspection found no install-time execution or concrete malicious chain.
Evidence
package.jsondist/index.jsREADME.md~/.arp-tui/config.json~/.arp-tui/credentials.json/tmp/arp-tui-frames.jsonl
Network endpoints3
arp-relay-dev.up.railway.apparp-web-dev.up.railway.appgenerous-fish-48.clerk.accounts.dev
Decision evidence
public snapshotAI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/preinstall/postinstall hook; only prepublishOnly.
- dist/index.js runs as the user-invoked CLI entrypoint, not on import/install.
- OAuth tokens are sent only to configured Clerk OAuth endpoints and relay API/WebSocket endpoints.
- Credential/config writes are confined to ~/.arp-tui with 0600 files and a 0700 directory.
- The only child process opens the user’s browser for explicit login.
- No shell execution, eval/vm, payload loading, foreign config mutation, or broad file harvesting found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
41try {
L42: return JSON.parse(fs.readFileSync(file, "utf8"));
L43: } catch {
...
L47: function loosePermsError(p, expected) {
L48: if (process.platform === "win32") return null;
L49: let st;
...
L63: // src/config.ts
L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui");
L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json");
...
L73: var DEV_PROFILE = {
L74: relayUrl: "https://arp-relay-dev.up.railway.app",
L75: webUrl: "https://arp-web-dev.up.railway.app",
Critical
Credential Exfiltration
Source appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L4141Trigger-reachable chain: manifest.bin -> dist/index.js
L41: try {
L42: return JSON.parse(fs.readFileSync(file, "utf8"));
L43: } catch {
...
L47: function loosePermsError(p, expected) {
L48: if (process.platform === "win32") return null;
L49: let st;
...
L63: // src/config.ts
L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui");
L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json");
...
L73: var DEV_PROFILE = {
L74: relayUrl: "https://arp-relay-dev.up.railway.app",
L75: webUrl: "https://arp-web-dev.up.railway.app",
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L41Findings
2 Critical3 Medium6 Low
CriticalCredential Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License