AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a user-invoked static-analysis CLI that reads target source/report files and may write .candor report outputs.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes candor-ts, candor-ts-query, candor-ts-mcp, or candor-ts-watch.
Impact
Expected local filesystem reads/writes for reports; watch mode re-runs the local scanner subprocess on user-selected files.
Mechanism
static analysis and report query CLI
Rationale
Source inspection shows potentially sensitive primitives are package-aligned: filesystem access is for scanning/report loading, subprocess use is limited to watch mode invoking scan.mjs, and no install-time or exfiltration behavior is present. The scanner's prior dangerous-delta hint is noisy because the flagged code implements an analyzer and classifier rather than a payload.
Evidence
package.jsonscan.mjsquery.mjsquery-core.mjsmcp.mjswatch.mjsscan-core.mjspolicy.mjscontract.mjsAGENTS.md
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has CLI bins but no preinstall/postinstall lifecycle hooks.
- scan.mjs performs TypeScript static analysis and writes reports only when user invokes candor-ts.
- query.mjs/query-core.mjs/mcp.mjs are report-query surfaces that read candor report files; MCP policy reads are confined to the report directory.
- watch.mjs uses spawnSync only to re-run local scan.mjs on a user-supplied target after source changes.
- No credential harvesting, persistence, destructive behavior, install-time execution, or runtime exfiltration endpoints found.
- scan-core.mjs network/exec strings are classifier rules for analyzed target code, not behavior performed by this package.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcewatch.mjsView file
16*/
L17: import { spawnSync } from "node:child_process";
L18: import crypto from "node:crypto";
...
L63: const r = spawnSync("node", [path.join(HERE, "scan.mjs"), target, "--out", out], { encoding: "utf8" });
L64: return { ok: r.status === 0, ms: Date.now() - t0, stderr: r.stderr };
L65: }
Low
scan.mjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = candor-ts@0.7.7
matchedIdentity = npm:Y2FuZG9yLXRz:0.7.7
similarity = 0.750
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
scan.mjsView on unpkgFindings
1 Critical1 Medium5 Low
CriticalPrevious Version Dangerous Deltascan.mjs
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptowatch.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings