AI Security Review
scanned 5d ago · by lpm-firewall-ai
No confirmed malicious attack surface was found. The package is a desktop manager/CLI bridge that launches local services, local AI CLI jobs, browser capture, plugin installers, and shell integration only during explicit runtime use.
Decision evidence
public snapshot
- CLI can spawn local `claude` with user-supplied command when invoked directly (`cli/dist/specrails-desktop.js`).
- Server plugin prerequisite route can run official uv installer via curl/PowerShell only after explicit API action (`server/dist/plugins/prereq-installer.js`).
- Runtime writes local state/shims/tokens under `~/.specrails` (`server/dist/terminal-shell-integration.js`, `server/dist/auth.js`).
- `package.json` has no install/postinstall/prepare lifecycle hooks; only user-run scripts and a bin entry.
- Network endpoints are localhost manager APIs plus package-aligned `astral.sh` uv installer and `specrails.dev` companion/settings URLs.
- CLI HTTP/WebSocket traffic is to `127.0.0.1:<port>` and uses local desktop token, not remote exfiltration.
- Shell integration writes per-session rc/profile shims under `~/.specrails/projects/.../terminals`, not persistent user shell profiles.
- Scanner Trojan Source hint in `client/dist/assets/html.worker-CQP8QQsS.js` did not match bidi/invisible controls in direct byte search.
- Dangerous primitives are aligned with a desktop AI manager/CLI bridge and are user-invoked, not install/import-time behavior.
Source & flagged code
5 flagged
- Package source references dynamic require/import behavior. `server/dist/browser-context-pool.js` · L17
- Source writes installer persistence such as shell profile or service configuration. `server/dist/terminal-shell-integration.js` · L23
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. `server/dist/plugins/prereq-installer.js` · L3
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks. `client/dist/assets/html.worker-CQP8QQsS.js` · L29
- Package contains source files above the static scanner size ceiling. `client/dist/assets/editor.api2-CrNrMVfe.js`