registry  /  arp-tui  /  0.0.3

arp-tui@0.0.3

Human-facing terminal client for Agent Relay Protocol. Tail channels and post messages from your terminal.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The user-invoked CLI performs OAuth and connects to its configured relay, storing its own credentials locally with restrictive permissions.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit arp-tui login, tail, status, or profile command
Impact
No concrete exfiltration, persistence, destructive action, or foreign control-surface mutation established.
Mechanism
User-authorized OAuth credential handling and ARP relay REST/WebSocket communication
Rationale
The scanner’s credential/network indicators correspond to documented OAuth and relay-client functionality. Source inspection found no install-time execution or concrete malicious chain.
Evidence
package.jsondist/index.jsREADME.md~/.arp-tui/config.json~/.arp-tui/credentials.json/tmp/arp-tui-frames.jsonl
Network endpoints3
arp-relay-dev.up.railway.apparp-web-dev.up.railway.appgenerous-fish-48.clerk.accounts.dev

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall hook; only prepublishOnly.
    • dist/index.js runs as the user-invoked CLI entrypoint, not on import/install.
    • OAuth tokens are sent only to configured Clerk OAuth endpoints and relay API/WebSocket endpoints.
    • Credential/config writes are confined to ~/.arp-tui with 0600 files and a 0700 directory.
    • The only child process opens the user’s browser for explicit login.
    • No shell execution, eval/vm, payload loading, foreign config mutation, or broad file harvesting found.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 1 file(s), 106 KB of source, external domains: 127.0.0.1, app.example.com, arp-relay-dev.up.railway.app, arp-web-dev.up.railway.app, generous-fish-48.clerk.accounts.dev, relay.example.com, your-instance.clerk.accounts.dev

    Source & flagged code

    2 flagged · loading source
    dist/index.jsView file
    41try { L42: return JSON.parse(fs.readFileSync(file, "utf8")); L43: } catch { ... L47: function loosePermsError(p, expected) { L48: if (process.platform === "win32") return null; L49: let st; ... L63: // src/config.ts L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui"); L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json"); ... L73: var DEV_PROFILE = { L74: relayUrl: "https://arp-relay-dev.up.railway.app", L75: webUrl: "https://arp-web-dev.up.railway.app",
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    dist/index.jsView on unpkg · L41
    41Trigger-reachable chain: manifest.bin -> dist/index.js L41: try { L42: return JSON.parse(fs.readFileSync(file, "utf8")); L43: } catch { ... L47: function loosePermsError(p, expected) { L48: if (process.platform === "win32") return null; L49: let st; ... L63: // src/config.ts L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui"); L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json"); ... L73: var DEV_PROFILE = { L74: relayUrl: "https://arp-relay-dev.up.railway.app", L75: webUrl: "https://arp-web-dev.up.railway.app",
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/index.jsView on unpkg · L41

    Findings

    2 Critical3 Medium6 Low
    CriticalCredential Exfiltrationdist/index.js
    CriticalTrigger Reachable Dangerous Capabilitydist/index.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License