registry  /  neural-loom  /  0.5.0

neural-loom@0.5.0

NeuralLoom is a local Next.js orchestration cockpit and terminal bridge designed to manage multiple concurrent terminal agent sessions (such as **Claude Code** and **Aider**) in isolated or overlapping workspaces. It streams pseudo-terminal (PTY) streams

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicitly running the CLI starts a local agent-orchestration dashboard. Runtime initialization writes first-party Claude command and MCP configuration into the selected workspace; no unconsented install-time control-surface mutation is present.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `neural-loom` or starts its dashboard/session workflow.
Impact
The package can extend Claude Code in the active workspace and execute user-selected local/remote agent commands with that user's permissions.
Mechanism
Runtime workspace bootstrap plus user-invoked local agent and shell orchestration.
Rationale
No malicious install-time or covert attack behavior was found. The automatic runtime mutation of Claude workspace configuration is a real first-party agent-extension lifecycle risk and merits a warning.
Evidence
package.jsonbin/cli.jssrc/lib/agents/ContextManager.tssrc/lib/agents/SessionManager.tssrc/lib/agents/ClaudeRunner.tssrc/lib/agents/AiderRunner.tssrc/app/api/sql/drivers/route.tssrc/lib/agents/ShellRunner.tssrc/lib/agents/DockerRunner.tssrc/lib/agents/SSHRunner.ts.claude/commands/ccp.md.claude/commands/ccc.md.mcp.json.ai/neural-loom
Network endpoints2
127.0.0.1:9600/api/sql/mcplocalhost:9600

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/lib/agents/ContextManager.ts` auto-creates project `.claude` command files and manages `.mcp.json` when the dashboard runs.
  • `src/lib/agents/SessionManager.ts` invokes staging initialization during runtime startup.
  • `src/lib/agents/*Runner.ts` launches Claude, Aider, shells, Docker, and SSH sessions selected through the dashboard.
  • `src/app/api/sql/drivers/route.ts` can install an allowlisted database driver after an explicit API request.
Evidence against
  • `package.json` has only `prepublishOnly`; no install-time lifecycle hook executes for consumers.
  • `bin/cli.js` requires an explicit CLI invocation and starts Next.js bound to `127.0.0.1` by default.
  • `bin/cli.js` MCP bridge posts only to the local `127.0.0.1` backend.
  • No source evidence of credential harvesting, remote exfiltration, hidden payload loading, or destructive behavior.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 76 file(s), 639 KB of source, external domains: cli.github.com, www.docker.com

Source & flagged code

8 flagged · loading source
bin/cli.jsView file
3L4: const { spawn } = require('child_process'); L5: const path = require('path');
High
Child Process

Package source references child process execution.

bin/cli.jsView on unpkg · L3
3L4: const { spawn } = require('child_process'); L5: const path = require('path'); ... L8: const readline = require('readline'); L9: const http = require('http'); L10: L11: let wsRoot = process.argv[3] || process.env.ORIGINAL_CWD || process.cwd(); L12: wsRoot = path.resolve(wsRoot).replace(/\\/g, '/');
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/cli.jsView on unpkg · L3
src/lib/agents/AiderRunner.tsView file
79const useCmd = isWindows(); L80: const shellPath = useCmd ? (process.env.COMSPEC || "cmd.exe") : findGitBash(); L81: if (!shellPath) {
High
Shell

Package source references shell execution.

src/lib/agents/AiderRunner.tsView on unpkg · L79
src/app/api/sessions/stats/route.tsView file
14/* eslint-disable @typescript-eslint/no-require-imports */ L15: const pidusage = eval("require")("pidusage"); L16: const stat = await pidusage(pid);
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/app/api/sessions/stats/route.tsView on unpkg · L14
src/lib/agents/ClaudeRunner.tsView file
78L79: // Check if 'claude' command exists in PATH, fallback to npx if not L80: let baseCmd = "claude"; ... L82: const checkCmd = isWindows() ? "where.exe claude" : "which claude"; L83: execSync(checkCmd, { env: customEnv, stdio: "ignore" }); L84: } catch {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/lib/agents/ClaudeRunner.tsView on unpkg · L78
bin/fix-pwa-ubuntu.shView file
path = bin/fix-pwa-ubuntu.sh kind = build_helper sizeBytes = 1700 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/fix-pwa-ubuntu.shView on unpkg
.next/static/media/5ce348bf30bf5439-s.0zgw-jeven.3w.woff2View file
path = .[redacted]-s.0zgw-jeven.3w.woff2 kind = high_entropy_blob sizeBytes = 6204 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

.next/static/media/5ce348bf30bf5439-s.0zgw-jeven.3w.woff2View on unpkg
src/app/api/git/route.tsView file
matchType = previous_version_dangerous_delta matchedPackage = neural-loom@0.4.0-rc.12 matchedIdentity = npm:bmV1cmFsLWxvb20:0.4.0-rc.12 similarity = 0.753 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/app/api/git/route.tsView on unpkg

Findings

1 Critical5 High4 Medium7 Low
CriticalPrevious Version Dangerous Deltasrc/app/api/git/route.ts
HighChild Processbin/cli.js
HighShellsrc/lib/agents/AiderRunner.ts
HighSame File Env Network Executionbin/cli.js
HighRuntime Package Installsrc/lib/agents/ClaudeRunner.ts
HighShips High Entropy Blob.next/static/media/5ce348bf30bf5439-s.0zgw-jeven.3w.woff2
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbin/fix-pwa-ubuntu.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/app/api/sessions/stats/route.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License