registry  /  bossmode  /  0.18.1

bossmode@0.18.1

Discord-style AI team chat room

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The user-invoked HTTP daemon has a static-file path traversal. A request path containing traversal segments can escape `web/dist` because no normalized-prefix check is applied before reading the file.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review
Trigger
A traversal HTTP request to a running Bossmode server.
Impact
Potential disclosure of arbitrary files readable by the Bossmode process, especially if the user exposes the server beyond localhost.
Mechanism
Unvalidated static-path construction followed by synchronous file read.
Rationale
Source inspection does not establish malicious intent or behavior. It does establish a concrete file-disclosure vulnerability, so the package should be warned rather than blocked.
Evidence
package.jsondist/cli/index.jsdist/server/index.jsdist/shared/config.jsdist/integrations/linear-client.jsweb/dist/assets/index-MzlDDEbN.jsweb/dist

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • `dist/server/index.js` joins `req.url` to `webDistDir` without containment validation.
  • `serveStatic` checks existence then calls `readFileSync` on that derived path.
  • `dist/cli/index.js` accepts `--host`, including a user-selected non-local bind address.
Evidence against
  • `package.json` contains no `preinstall`, `install`, or `postinstall` hook.
  • `dist/cli/index.js` forks only the package's own `dist/server/daemon.js` after explicit `bossmode on`.
  • Dynamic imports in `dist` use fixed package-relative module paths; no runtime remote-code loader was found.
  • Flagged `web/dist/assets` files are bundled editor/language syntax modules, not executable payload delivery.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 227 file(s), 4.92 MB of source, external domains: api.example.com, api.example.invalid, api.linear.app, codesandbox.io, github.com, json-schema.org, lea.verou.me, lexical.dev, nodebox-runtime.codesandbox.io, opensource.org, preview.sandpack-static-server.codesandbox.io, radix-ui.com, react.dev, vitejs.dev, www.w3.org

Source & flagged code

6 flagged · loading source
dist/cli/index.jsView file
1#!/usr/bin/env node L2: import { fork } from "node:child_process"; L3: import { openSync, readFileSync } from "node:fs";
High
Child Process

Package source references child process execution.

dist/cli/index.jsView on unpkg · L1
web/dist/assets/index-MzlDDEbN.jsView file
8]|$)`},{atBreak:!0,character:"<",after:"[!/?A-Za-z]"},{character:"<",after:"[!/?A-Za-z]",inConstruct:"phrasing",notInConstruct:Ja},{character:"<",inConstruct:"destinationLiteral"},... L9: `)&&u.type==="html"&&(s[s.length-1]=s[s.length-1].replace(/(\r?\n|\r)$/," "),a=" ",c=e.createTracker(n),c.move(s.join("")));let f=e.handle(u,t,e,{...c.current(),after:h,before:a});... L10: `,after:` ... L20: `,now:{line:1,column:1},lineShift:0});return i&&i.charCodeAt(i.length-1)!==10&&i.charCodeAt(i.length-1)!==13&&(i+=` L21: `),i;function s(o){return r.stack.push(o),a;function a(){r.stack.pop()}}}function ZZ(t){throw new Error("Cannot handle value `"+t+"`, expected node")}function zZ(t){const e=t;throw... L22: ... L43: L44: `))}return r.pop(),a.join("")}function jI(t){let e=0,n=t.stack.length;for(;--n>-1;){const r=t.stack[n];if(r==="blockquote"||r==="listItem")break;r==="mdxJsxFlowElement"&&e++}return... L45: `));var e=[],n=t.split(/(\n|\r\n)/);n[n.length-1]||n.pop();for(var r=0;r<n.length;r++){var i=n[r];r%2&&!this.options.newlineIsToken?e[e.length-1]+=i:(this.options.ignoreWhitespace&... ... L147: `+t.slice(o+1):l+=t.slice(i),l.slice(1)}function jie(t){for(var e="",n=0,r,i=0;i<t.length;n
Critical
Download Execute

Source downloads or fetches remote code and executes it.

web/dist/assets/index-MzlDDEbN.jsView on unpkg · L8
897} L898: `,aOe={defaultPreset:"react",presets:[{name:"react",meta:"live react",label:"React",sandpackTemplate:"react",sandpackTheme:"light",snippetFileName:"/App.js",snippetLanguage:"jsx",i... L899: `:r=="r"?"\r":r=="t"?" ":"\\")}eq(e){return this.search==e.search&&this.replace==e.replace&&this.caseSensitive==e.caseSensitive&&this.regexp==e.regexp&&this.wholeWord==e.wholeWord&...
High
Shell

Package source references shell execution.

web/dist/assets/index-MzlDDEbN.jsView on unpkg · L897
web/dist/assets/livescript-BwQOo05w.jsView file
1var f=function(e,n){var g=n.next||"start";{n.next=n.next;var k=x[g];if(k.splice){for(var l=0;l<k.length;++l){var t=k[l];if(t.regex&&e.match(t.regex))return n.next=t.next||n.next,t....
Medium
Dynamic Require

Package source references dynamic require/import behavior.

web/dist/assets/livescript-BwQOo05w.jsView on unpkg · L1
web/dist/assets/sql-D0XecflT.jsView file
matchType = normalized_sha256 matchedPackage = @yancyyu/agentcli@1.9.14 matchedPath = dist-renderer/assets/sql-D0XecflT.js matchedIdentity = npm:QHlhbmN5eXUvYWdlbnRjbGk:1.9.14 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

web/dist/assets/sql-D0XecflT.jsView on unpkg
web/dist/assets/vbscript-BuJXcnF6.jsView file
matchType = normalized_sha256 matchedPackage = @yancyyu/agentcli@1.9.14 matchedPath = dist-renderer/assets/vbscript-BuJXcnF6.js matchedIdentity = npm:QHlhbmN5eXUvYWdlbnRjbGk:1.9.14 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

web/dist/assets/vbscript-BuJXcnF6.jsView on unpkg

Findings

1 Critical4 High4 Medium5 Low
CriticalDownload Executeweb/dist/assets/index-MzlDDEbN.js
HighChild Processdist/cli/index.js
HighShellweb/dist/assets/index-MzlDDEbN.js
HighKnown Malware Source Similarityweb/dist/assets/sql-D0XecflT.js
HighKnown Malware Source Similarityweb/dist/assets/vbscript-BuJXcnF6.js
MediumDynamic Requireweb/dist/assets/livescript-BwQOo05w.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings