AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The risky primitives are aligned with a browser terminal and Claude GUI wrapper and are activated by running the CLI/server, not by covert install-time payloads.
Decision evidence
public snapshot- package.json has postinstall running server/fix-pty-perms.js
- bin/mulmoterminal.js uses child_process to check claude, spawn server, and open localhost URL
- server/index.ts spawns Claude PTYs and exposes local WebSocket/API control surfaces
- server/plugins-registry.ts dynamically imports configured plugin packages from plugins/plugins.json
- server/fix-pty-perms.js only chmods node-pty prebuild spawn-helper files to 0755
- bin/update-check.js only fetches package latest metadata from npm registry and fails closed
- server/index.ts origin-checks browser-driven local action routes/sockets to localhost/127.0.0.1/::1
- server/claude-args.ts builds argv arrays with -- delimiter for prompts; no shell interpolation for Claude spawn
- server/pick-file.ts/open-dir.ts/gitRemote.ts use fixed commands with argv, not user-built shell strings
- File writes are app/workspace artifacts or local state with path containment checks in inspected backends
Source & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
bin/mulmoterminal.jsView on unpkg · L7Manifest entrypoint contains risky behavior absent from dist/build output.
bin/mulmoterminal.jsView on unpkg · L7A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/mulmoterminal.jsView on unpkg · L193Package source references dynamic require/import behavior.
server/plugins-registry.tsView on unpkg · L65Package source references weak cryptographic algorithms.
server/worktrees.tsView on unpkg · L6Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/assets/mermaid-parser.core-DC7NPJ_M-DgfQQlG5.jsView on unpkg · L46Package ships high-entropy non-source blobs.
dist/assets/material-symbols-outlined-DKJDg2oJ.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/assets/marp-cCC1_YXp.jsView on unpkg