AI Security Review
scanned 15d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package has powerful user-invoked AI development, MCP, local config, telemetry, and network behavior aligned with its stated visual web development tool purpose.
Static reason
No blocking static signals were detected.
Trigger
User runs rivet CLI commands such as login, mcp, install/update harnesses, or starts the local server.
Impact
Expected project/config changes and network calls for an authenticated AI design tool; no evidence of credential harvesting, lifecycle execution, persistence, or covert exfiltration.
Mechanism
User-invoked local development server, auth storage, telemetry/feature flags, and AI agent orchestration.
Rationale
Static inspection shows package-aligned CLI/runtime behavior with no install-time execution beyond husky prepare and no covert credential harvesting or exfiltration. Dynamic import, network calls, token storage, child_process use, and MCP config writes are tied to explicit Rivet AI development workflows rather than unconsented package installation or import.
Evidence
package.jsonbin/rivet.jsdist/index.jsdist/config/proxy.jsdist/config/telemetry.jsdist/services/ConfigManager.jsdist/services/AuthService.jsdist/services/agent/AgentCore.jsdist/install/harnesses.js~/.rivet/config.json~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%/Claude/claude_desktop_config.json~/.config/Claude/claude_desktop_config.json
Network endpoints6
rivet-proxy.onrender.comrivet-core-production.up.railway.apprivet-prototype-host.onrender.comvdonwyzxpnsrihtrrvza.supabase.co/functions/v1/send-support-ticketrivet-proxy.onrender.com/ingestcursor.com/install-mcp
Decision evidence
public snapshotAI called this Clean at 87.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/postinstall hook; prepare is husky and publish scripts are maintainer-only.
- bin/rivet.js only sets NODE_ENV, redirects MCP logs, imports dist/index.js, and runs main on CLI invocation.
- dist/config/proxy.js network hosts are Rivet service endpoints for auth, gateway, prototype hosting, support, and telemetry.
- dist/services/ConfigManager.js stores Rivet auth tokens under ~/.rivet/config.json with mode 0600 for user-invoked login flows.
- dist/install/harnesses.js writes MCP editor config only through explicit install/update harness commands, not at package install/import time.
- dist/services/agent/AgentCore.js eval is used for dynamic ESM import of @anthropic-ai/claude-agent-sdk in the declared AI code-modification feature.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
CopyleftLicense
Source & flagged code
3 flagged · loading sourcedist/services/agent/AgentCore.jsView file
101// Use eval to prevent TypeScript from transforming to require()
L102: const claudeSDK = await eval("import('@anthropic-ai/claude-agent-sdk')");
L103: // Wrap with Context Company observability when TCC_API_KEY is configured
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/services/agent/AgentCore.jsView on unpkg · L101bin/rivet.jsView file
4L5: const fs = require('fs');
L6: const path = require('path');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/rivet.jsView on unpkg · L4src/ui/dist/fonts/Satoshi-VariableItalic.woff2View file
•path = src/ui/dist/fonts/Satoshi-VariableItalic.woff2
kind = high_entropy_blob
sizeBytes = 43844
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
src/ui/dist/fonts/Satoshi-VariableItalic.woff2View on unpkgFindings
1 High4 Medium9 Low
HighShips High Entropy Blobsrc/ui/dist/fonts/Satoshi-VariableItalic.woff2
MediumDynamic Requirebin/rivet.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/services/agent/AgentCore.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowCopyleft License