AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime networking and token handling are directly aligned with the documented interactive ARP terminal client and user-selected profile.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit user execution of `arp-tui`, `arp-tui login`, or `arp-tui logout`.
Impact
Stores and transmits user-provided or OAuth tokens only to the configured ARP relay and identity provider.
Mechanism
User-authorized OAuth authentication and authenticated relay client.
Rationale
The scanner's credential-exfiltration signal maps to expected authenticated OAuth and relay traffic in an explicitly invoked terminal client. Source inspection found no install-time execution, stealth persistence, foreign control-surface mutation, or concrete exfiltration beyond the client’s configured service operations.
Evidence
package.jsondist/index.jsREADME.md~/.arp-tui/config.json~/.arp-tui/credentials.json/tmp/arp-tui-frames.jsonl
Network endpoints3
arp-relay-dev.up.railway.apparp-web-dev.up.railway.appgenerous-fish-48.clerk.accounts.dev
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/index.js` sends bearer tokens to configured relay, OAuth, and WebSocket endpoints.
- `dist/index.js` stores OAuth credentials in `~/.arp-tui/credentials.json` with restrictive modes.
Evidence against
- `package.json` has no preinstall, install, or postinstall hook; `prepublishOnly` is publisher-only.
- `dist/index.js` runs only as the declared `arp-tui` CLI entrypoint.
- Network requests implement documented OAuth, relay REST, and authenticated WebSocket operations.
- No source use of eval, dynamic module loading, shell command execution beyond opening the user OAuth URL, or broad file harvesting.
- Credential storage is scoped to `~/.arp-tui`, uses 0700/0600 modes, and logout revokes/deletes the stored grant.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
41try {
L42: return JSON.parse(fs.readFileSync(file, "utf8"));
L43: } catch {
...
L47: function loosePermsError(p, expected) {
L48: if (process.platform === "win32") return null;
L49: let st;
...
L63: // src/config.ts
L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui");
L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json");
...
L73: var DEV_PROFILE = {
L74: relayUrl: "https://arp-relay-dev.up.railway.app",
L75: webUrl: "https://arp-web-dev.up.railway.app",
Critical
Credential Exfiltration
Source appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L4141Trigger-reachable chain: manifest.bin -> dist/index.js
L41: try {
L42: return JSON.parse(fs.readFileSync(file, "utf8"));
L43: } catch {
...
L47: function loosePermsError(p, expected) {
L48: if (process.platform === "win32") return null;
L49: let st;
...
L63: // src/config.ts
L64: var CONFIG_DIR = path2.join(os.homedir(), ".arp-tui");
L65: var CONFIG_FILE = path2.join(CONFIG_DIR, "config.json");
...
L73: var DEV_PROFILE = {
L74: relayUrl: "https://arp-relay-dev.up.railway.app",
L75: webUrl: "https://arp-web-dev.up.railway.app",
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L41Findings
2 Critical3 Medium6 Low
CriticalCredential Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License