AI Security Review
scanned 3h ago · by lpm-firewall-aiWhen a user runs `customize`, the CLI starts a detached Next.js dashboard that defaults to binding `0.0.0.0`. Its unauthenticated `/api/prompt` route can read, create, change, or delete `CUSTOMIZE.md` for project directories listed in the package-owned registry.
Decision evidence
public snapshot- `dist/index.js` runs only when the user invokes the `customize` CLI; it has no npm `preinstall`, `install`, or `postinstall` trigger.
- `dist/index.js` spawns the bundled dashboard as a detached process, writes `~/.customize-agent/logs/dashboard-<port>.log`, and checks `http://localhost:<port>/api/health`.
- `dist/server/apps/server/server.js` sets the dashboard hostname from `HOSTNAME` with a default of `0.0.0.0`, so the user-invoked local dashboard can listen on non-loopback interfaces.
- `dist/server/apps/server/.next/server/pages/api/prompt.js` exposes unauthenticated GET, PUT, and DELETE operations for `CUSTOMIZE.md` in project directories recorded in `~/.customize-agent/projects/registry.db`; it rejects paths inside `~/.customize-agent` and requires the basename to be `CUSTOMIZE.md`.
- `dist/agent/tool-registry.js` loads MCP commands only from the package-owned `~/.customize-agent/mcp.json`; no code inspected writes `.mcp.json`, `CLAUDE.md`, `.claude`, `.codex`, Cursor configuration, VCS hooks, shell startup files, or OS service entries.
- The flagged 2.46 MB `dist/server/apps/server/.next/server/chunks/76.js` begins as a normal generated Next.js/Ant Design server chunk and includes bundled framework/provider code; no encoded payload decoder, remote JavaScript loader, or execution chain was confirmed.
- No remote JavaScript, shell-command, paste/blob/json-storage payload fetch-and-execute path was found in the inspected CLI, agent, configuration, server entry, or flagged bundle evidence.
- No credential collection or exfiltration endpoint was confirmed; the package’s declared provider domains are consistent with user-configured LLM API use.
- The detached process is a package-aligned dashboard started only from the explicit `customize` command, not during npm installation.
- The version’s new static assets and oversized server chunk are explainable as a bundled Next.js dashboard release rather than a standalone staged payload.
Source & flagged code
3 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
dist/server/apps/server/.next/server/chunks/76.jsView on unpkgPackage contains source files above the static scanner size ceiling.
dist/server/apps/server/.next/server/chunks/76.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/index.jsView on unpkg