AI Security Review
scanned 2h ago · by lpm-firewall-aiThe explicit dashboard server exposes unauthenticated arbitrary shell execution through local HTTP endpoint `/api/run`; if made reachable to untrusted clients, it is RCE. The interactive CLI is also an AI-driven repository mutation and GitHub publishing tool, activated by user commands and confirmations. No install-time attack behavior is present.
Decision evidence
public snapshot- `dist/server.js` POST `/api/run` passes arbitrary request `command` to `child_process.exec`.
- `dist/agent.js` sends workspace source and issue text to configured LLM endpoints, then writes LLM-generated edits into workspace files.
- `dist/cli.js` user commands can stage, force-push, create a PR, and close a GitHub issue.
- Opaque native executables are shipped in `dist/binaries/`.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- `dist/tools/index.js` command helper visibly prompts the user before executing requested commands.
- `dist/cli.js` writes API keys and GitHub token only after interactive `/connect` input, to the current project's `.env`.
- No decoded payload, `eval`, `Function`, runtime package install, or remote-code loader was found in inspected JavaScript.
- `dist/binaries/cli.js`, `agent.js`, and `tools/index.js` are byte-identical copies of the inspected `dist` sources.
Source & flagged code
5 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/tools/index.jsView on unpkg · L5A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/tools/index.jsView on unpkgPackage source references child process execution.
dist/tools/index.jsView on unpkg · L5Package source invokes a package manager install command at runtime.
dist/tools/index.jsView on unpkg · L330