AI Security Review
scanned 17h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package provides explicit user-triggered deployment and local-development management actions.
Static reason
One or more suspicious static signals were detected.
Trigger
User invokes Vercel deployment, SSH deployment, or optional vector-store installation through the application.
Impact
Can deploy generated project files and supplied secrets to the user's chosen Vercel project or SSH host.
Mechanism
User-directed Vercel API upload, SSH deployment, and fixed local dependency installation.
Rationale
The flagged credential, filesystem, network, SSH, and shell primitives implement visible, user-invoked deployment and local setup workflows. No lifecycle execution, stealth persistence, foreign AI-agent mutation, or unconsented exfiltration is present in the inspected source.
Evidence
package.jsonapp/actions/vercel.tsapp/api/deploy/ssh/route.tsapp/api/vector-stores/install/route.tscomponents/server/deploy-button.tsx
Network endpoints2
api.vercel.comget.docker.com
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
- `app/api/deploy/ssh/route.ts` accepts SSH credentials and runs deployment commands on the user-supplied host.
- `app/actions/vercel.ts` reads `.larkup` server data and uploads generated deployment files using a supplied Vercel token.
- `app/api/vector-stores/install/route.ts` can run a fixed `pnpm add` command in local development.
Evidence against
- `package.json` has no preinstall, install, postinstall, prepare, bin, or import-time hook.
- SSH and Vercel actions are explicit UI/API deployment features, not install-time behavior.
- Vercel requests target only `https://api.vercel.com` with the user-provided token.
- The optional install route allowlists only `chromadb@^1.9.0` and rejects production.
- No obfuscated payload, eval/vm execution, agent-control writes, or credential exfiltration endpoint was found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcecomponents/server/deploy-button.tsxView file
995patternName = private_key_openssh
severity = critical
line = 995
matchedText = placehol......"
Critical
Critical Secret
Package contains a critical-looking secret pattern.
components/server/deploy-button.tsxView on unpkg · L995995patternName = private_key_openssh
severity = critical
line = 995
matchedText = placehol......"
Critical
Secret Pattern
OpenSSH private key in components/server/deploy-button.tsx
components/server/deploy-button.tsxView on unpkg · L995Findings
2 Critical2 Medium5 Low
CriticalCritical Secretcomponents/server/deploy-button.tsx
CriticalSecret Patterncomponents/server/deploy-button.tsx
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License