AI Security Review
scanned 2h ago · by lpm-firewall-aiThe user-invoked local UI exposes a localhost WebSocket terminal without authentication or Origin checks. A connected client can choose a working directory and send shell commands.
Decision evidence
public snapshot- `dist-server/index.mjs` accepts unauthenticated WebSocket terminal connections.
- The `/api/terminal` query accepts arbitrary `cwd` and `cmd`, then starts a user shell.
- Terminal input is forwarded directly to the PTY; no Origin or session validation is present.
- `package.json` has no preinstall/install/postinstall hook; `prepare` only runs `vp config`.
- The server explicitly binds to `127.0.0.1`.
- `bin/pi-workspace.mjs` invokes update/build actions only through explicit CLI commands.
- Network use is package-aligned: npm version lookup and configured model-provider requests.
- No source evidence of credential exfiltration, hidden persistence, or destructive behavior.
Source & flagged code
3 flagged · loading sourcePackage source references child process execution.
dist-server/index.mjsView on unpkg · L8A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist-server/index.mjsView on unpkg · L1437This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/pi-workspace.mjsView on unpkg