registry  /  nuwax-file-server  /  1.3.2

nuwax-file-server@1.3.2

Cross-platform file service deployment tool with start/stop/restart CLI commands

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No install-time malware was found, but the runtime service exposes unauthenticated command execution and agent hook configuration APIs. This is a serious dual-use/critical vulnerability surface rather than confirmed malicious package behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User explicitly starts the service with the CLI/server, then a network client calls exposed API routes.
Impact
Remote clients that can reach the service may execute shell commands in workspaces or alter agent hook control files.
Mechanism
unauthenticated runtime command execution and AI-agent hook/config writes
Attack narrative
When the service is started, Express listens on the configured port and mounts computer/build/project APIs. The computer route accepts a command and computerUtils executes it with child_process.exec in the selected workspace. Other routes can write agent hook/config files from request parameters. I found no lifecycle execution, hidden payload, or hardcoded exfiltration endpoint, so this is not confirmed malware, but the exposed runtime surface is dangerous if reachable by untrusted clients.
Rationale
Static source inspection does not support a malicious verdict because risky behavior is tied to the advertised file/deployment server and user/API invocation, with no install-time execution or attacker endpoint. The unauthenticated command execution and agent-control writes are severe enough to warn as dangerous capability/critical vulnerability.
Evidence
package.jsondist/cli.jsdist/server.jsdist/routes/computerRoutes.jsdist/utils/computer/computerUtils.jsdist/utils/computer/hookConfigUtils.jsdist/scheduler/pnpmPruneScheduler.jsdist/utils/buildArg/portUtils.jsCOMPUTER_WORKSPACE_DIR/<userId>/<cId>COMPUTER_WORKSPACE_DIR/<userId>/<cId>/.codex/hooks.jsonCOMPUTER_WORKSPACE_DIR/<userId>/<cId>/.claude/settings.jsonCOMPUTER_WORKSPACE_DIR/<userId>/<cId>/.opencode/plugins/tmp/nuwax-file-server/server.pid/tmp/nuwax-file-server/start.lock
Network endpoints5
/api/computer/execute-command/api/computer/create-workspace-v2/api/computer/push-skills-to-workspace-v2/api/build/start-dev/health

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • dist/server.js starts an Express API on configured PORT without visible authentication
  • dist/routes/computerRoutes.js exposes POST /api/computer/execute-command
  • dist/utils/computer/computerUtils.js executes user-supplied command via child_process.exec in workspace
  • dist/utils/computer/hookConfigUtils.js can write .codex/.claude/.opencode hook configs from API-supplied fields
Evidence against
  • package.json has no install/postinstall hook; prepublishOnly only runs build for publisher
  • dist/cli.js only starts/stops/statuses the service on explicit bin command
  • No hardcoded exfiltration host or attacker URL found; fetch/curl URLs are user-supplied hook or skill URLs
  • dist/utils/buildArg/portUtils.js shell usage is port/process inspection, not reverse shell wiring
  • pnpm prune scheduler runs package-aligned maintenance command
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 62 file(s), 298 KB of source, external domains: 127.0.0.1, registry.npmmirror.com

Source & flagged code

4 flagged · loading source
dist/scheduler/pnpmPruneScheduler.jsView file
1import o from"node-cron";import{exec as a}from"child_process";import"fs";import"path";import{log as e}from"../utils/log/logUtils.js";class h{constructor(s={}){this.config={enabled:... L2: `)}}async getStoreStatus(){try{const s=await this.runCommand("pnpm store path");if(!s.success)return null;const t=s.stdout.trim(),r=await this.runCommand(`du -sh "${t}"`),c=r.succe...
High
Child Process

Package source references child process execution.

dist/scheduler/pnpmPruneScheduler.jsView on unpkg · L1
dist/cli.jsView file
1#!/usr/bin/env node L2: import{Command as ee}from"commander";import{createRequire as te}from"module";import f from"path";import U from"os";import c from"fs-extra";import{spawn as E}from"cross-spawn";impor...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L1
dist/utils/buildArg/portUtils.jsView file
1import p from"fs";import G from"net";import{execSync as d}from"child_process";import{log as a}from"../log/logUtils.js";function E(t){if(!t||typeof t!="string")return;let n=t.match(... L2: `).filter(o=>o).map(o=>Number(o));if(s.length>0)return s}catch{}try{const n=`ps -eo pid,ppid | awk '$2==${t} {print $1}'`,r=d(n,{stdio:["ignore","pipe","ignore"],timeout:2e3,killSi... ... L7: `).filter(o=>o).map(o=>Number(o))}catch{return[]}}function I(t,n=1e4,r=500,e="default"){return new Promise(s=>{let o=!1,c=0;const i=Math.ceil(n/r);a(e,"INFO","Start waiting for lis... L8: `).reverse();for(const f of l){if(f.match(/^\[[\d\/\s:]+\]/)||/(EADDRINUSE|address already in use|Error:\s*listen)/i.test(f)||/^(\s|\t)*(code|errno|syscall|address|port)\s*:/i.test...
Critical
Reverse Shell

Source matches reverse-shell style process and socket wiring.

dist/utils/buildArg/portUtils.jsView on unpkg · L1
1import p from"fs";import G from"net";import{execSync as d}from"child_process";import{log as a}from"../log/logUtils.js";function E(t){if(!t||typeof t!="string")return;let n=t.match(... L2: `).filter(o=>o).map(o=>Number(o));if(s.length>0)return s}catch{}try{const n=`ps -eo pid,ppid | awk '$2==${t} {print $1}'`,r=d(n,{stdio:["ignore","pipe","ignore"],timeout:2e3,killSi... ... L7: `).filter(o=>o).map(o=>Number(o))}catch{return[]}}function I(t,n=1e4,r=500,e="default"){return new Promise(s=>{let o=!1,c=0;const i=Math.ceil(n/r);a(e,"INFO","Start waiting for lis... L8: `).reverse();for(const f of l){if(f.match(/^\[[\d\/\s:]+\]/)||/(EADDRINUSE|address already in use|Error:\s*listen)/i.test(f)||/^(\s|\t)*(code|errno|syscall|address|port)\s*:/i.test...
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/utils/buildArg/portUtils.jsView on unpkg · L1

Findings

1 Critical4 High3 Medium5 Low
CriticalReverse Shelldist/utils/buildArg/portUtils.js
HighChild Processdist/scheduler/pnpmPruneScheduler.js
HighShell
HighSame File Env Network Executiondist/cli.js
HighSandbox Evasion Gated Capabilitydist/utils/buildArg/portUtils.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings