registry  /  arp-tui  /  0.0.4

arp-tui@0.0.4

Human-facing terminal client for Agent Relay Protocol. Tail channels and post messages from your terminal.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime networking and token handling are directly aligned with the documented interactive ARP terminal client and user-selected profile.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit user execution of `arp-tui`, `arp-tui login`, or `arp-tui logout`.
Impact
Stores and transmits user-provided or OAuth tokens only to the configured ARP relay and identity provider.
Mechanism
User-authorized OAuth authentication and authenticated relay client.
Rationale
The scanner's credential-exfiltration signal maps to expected authenticated OAuth and relay traffic in an explicitly invoked terminal client. Source inspection found no install-time execution, stealth persistence, foreign control-surface mutation, or concrete exfiltration beyond the client’s configured service operations.
Evidence
package.jsondist/index.jsREADME.md~/.arp-tui/config.json~/.arp-tui/credentials.json/tmp/arp-tui-frames.jsonl
Network endpoints3
arp-relay-dev.up.railway.apparp-web-dev.up.railway.appgenerous-fish-48.clerk.accounts.dev

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/index.js` sends bearer tokens to configured relay, OAuth, and WebSocket endpoints.
  • `dist/index.js` stores OAuth credentials in `~/.arp-tui/credentials.json` with restrictive modes.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook; `prepublishOnly` is publisher-only.
  • `dist/index.js` runs only as the declared `arp-tui` CLI entrypoint.
  • Network requests implement documented OAuth, relay REST, and authenticated WebSocket operations.
  • No source use of eval, dynamic module loading, shell command execution beyond opening the user OAuth URL, or broad file harvesting.
  • Credential storage is scoped to `~/.arp-tui`, uses 0700/0600 modes, and logout revokes/deletes the stored grant.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 106 KB of source, external domains: 127.0.0.1, app.example.com, arp-relay-dev.up.railway.app, arp-web-dev.up.railway.app, generous-fish-48.clerk.accounts.dev, relay.example.com, your-instance.clerk.accounts.dev

Source & flagged code

2 flagged · loading source
dist/index.jsView file
41try { L42: return JSON.parse(fs.readFileSync(file, "utf8")); L43: } catch { ... L47: function loosePermsError(p, expected) { L48: if (process.platform === "win32") return null; L49: let st; ... L63: // src/config.ts L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui"); L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json"); ... L73: var DEV_PROFILE = { L74: relayUrl: "https://arp-relay-dev.up.railway.app", L75: webUrl: "https://arp-web-dev.up.railway.app",
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.jsView on unpkg · L41
41Trigger-reachable chain: manifest.bin -> dist/index.js L41: try { L42: return JSON.parse(fs.readFileSync(file, "utf8")); L43: } catch { ... L47: function loosePermsError(p, expected) { L48: if (process.platform === "win32") return null; L49: let st; ... L63: // src/config.ts L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui"); L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json"); ... L73: var DEV_PROFILE = { L74: relayUrl: "https://arp-relay-dev.up.railway.app", L75: webUrl: "https://arp-web-dev.up.railway.app",
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L41

Findings

2 Critical3 Medium6 Low
CriticalCredential Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License