registry  /  larkup  /  0.1.14

larkup@0.1.14

AI Security Review

scanned 17h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package provides explicit user-triggered deployment and local-development management actions.

Static reason
One or more suspicious static signals were detected.
Trigger
User invokes Vercel deployment, SSH deployment, or optional vector-store installation through the application.
Impact
Can deploy generated project files and supplied secrets to the user's chosen Vercel project or SSH host.
Mechanism
User-directed Vercel API upload, SSH deployment, and fixed local dependency installation.
Rationale
The flagged credential, filesystem, network, SSH, and shell primitives implement visible, user-invoked deployment and local setup workflows. No lifecycle execution, stealth persistence, foreign AI-agent mutation, or unconsented exfiltration is present in the inspected source.
Evidence
package.jsonapp/actions/vercel.tsapp/api/deploy/ssh/route.tsapp/api/vector-stores/install/route.tscomponents/server/deploy-button.tsx
Network endpoints2
api.vercel.comget.docker.com

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `app/api/deploy/ssh/route.ts` accepts SSH credentials and runs deployment commands on the user-supplied host.
  • `app/actions/vercel.ts` reads `.larkup` server data and uploads generated deployment files using a supplied Vercel token.
  • `app/api/vector-stores/install/route.ts` can run a fixed `pnpm add` command in local development.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, bin, or import-time hook.
  • SSH and Vercel actions are explicit UI/API deployment features, not install-time behavior.
  • Vercel requests target only `https://api.vercel.com` with the user-provided token.
  • The optional install route allowlists only `chromadb@^1.9.0` and rejects production.
  • No obfuscated payload, eval/vm execution, agent-control writes, or credential exfiltration endpoint was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 103 file(s), 599 KB of source, external domains: api.example.com, api.vercel.com, docs.larkup.dev, get.docker.com, google.serper.dev, proxy.example.com, vercel.com

Source & flagged code

2 flagged · loading source
components/server/deploy-button.tsxView file
995patternName = private_key_openssh severity = critical line = 995 matchedText = placehol......"
Critical
Critical Secret

Package contains a critical-looking secret pattern.

components/server/deploy-button.tsxView on unpkg · L995
995patternName = private_key_openssh severity = critical line = 995 matchedText = placehol......"
Critical
Secret Pattern

OpenSSH private key in components/server/deploy-button.tsx

components/server/deploy-button.tsxView on unpkg · L995

Findings

2 Critical2 Medium5 Low
CriticalCritical Secretcomponents/server/deploy-button.tsx
CriticalSecret Patterncomponents/server/deploy-button.tsx
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License