AI Security Review
scanned 34m ago · by lpm-firewall-ai
No confirmed malicious attack surface. The package is a user-invoked MCP/WebUI media generation tool that stores user-provided provider credentials locally and calls selected model provider APIs.
Decision evidence
public snapshot
- User-invoked MCP tools can read reference media paths, but readReferenceFiles confines relative/absolute inputs to ctx.outputDir when cwd is set.
- WebUI stores API keys in plaintext config by design and exposes local /api/test, but binds only 127.0.0.1 and validates loopback Origin/Sec-Fetch.
- WebUI export returns MCP config snippets for Claude/Cursor/Cline but does not write agent config files.
- package.json has no install/postinstall hook; prepublishOnly only runs npm run build for publishers.
- dist/index.js only starts stdio MCP mode or a --webui local server when explicitly run.
- dist/webui/server.js child_process exec is limited to opening the local browser after --webui startup.
- dist/config.js writes only PRISMSTUDIO_CONFIG or ~/.prismstudio/config.json; dist/persist.js writes generated media outputs.
- Network calls in dist/engine/media-generation-engine.js target configured model provider APIs for media generation/polling/downloads.
- No credential harvesting, persistence, destructive behavior, remote code execution, or unconsented AI-agent control-surface mutation found.
Source & flagged code
3 flagged
Package source references child process execution.
- dist/webui/server.js, L517: A single source file combines environment access, network access, and code or shell execution; review context before blocking.
- dist/webui/server.js, L504: Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
- dist/webui/server.js, L504