AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package is a desktop/CLI manager for Specrails workflows and contains user-invoked local process, browser, shell integration, and localhost API behavior that matches its stated functionality.
Decision evidence
public snapshot
- CLI fallback runs local `claude` with `--dangerously-skip-permissions` when manager is absent (`cli/dist/specrails-desktop.js`).
- User-invoked prerequisite installer downloads and pipes Astral uv install scripts via curl/PowerShell (`server/dist/plugins/prereq-installer.js`).
- Shell integration writes temporary per-session shell rc/profile shims under `~/.specrails/projects` (`server/dist/terminal-shell-integration.js`).
- `package.json` has no install/preinstall/postinstall lifecycle hooks; risky behavior is not install-time.
- Network use is local manager API/WebSocket on `127.0.0.1:<port>` or user-approved uv installer, aligned with desktop manager functionality.
- CLI reads `~/.specrails/desktop.token` only to authenticate to the local manager, not exfiltrate it.
- Browser profile under `~/.specrails/browser-profile` supports explicit website capture with Playwright, not background credential harvesting.
- No evidence of persistence beyond session shims, destructive actions, obfuscated staged payloads, or external exfiltration endpoints in inspected files.
Source & flagged code
5 flagged
- Package source references dynamic require/import behavior: `server/dist/browser-context-pool.js` (L17)
- Source writes installer persistence such as shell profile or service configuration: `server/dist/terminal-shell-integration.js` (L23)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks: `server/dist/plugins/prereq-installer.js` (L3)
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks: `client/dist/assets/html.worker-CQP8QQsS.js` (L29)
- Package contains source files above the static scanner size ceiling: `client/dist/assets/ts.worker-METxwbDZ.js`