AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface was found. The risky primitives belong to a desktop AI/project manager: local loopback control, user-invoked AI CLI spawning, browser capture, project shell integration, and explicit plugin setup.
Decision evidence
Evidence from the public snapshot:
- package.json has no install/preinstall/postinstall lifecycle hooks; bin is cli/dist/specrails-desktop.js.
- cli/dist/specrails-desktop.js only acts when invoked: it talks to the loopback manager or spawns the local claude CLI with the user's prompt.
- server/dist/file-provenance.js runs a bounded set of git commands for project diff provenance and strips hook/fsmonitor config before doing so.
- server/dist/plugins/prereq-installer.js installs only uv from astral.sh, behind an explicit prerequisite-install path and with a no-op gate for test runs.
- server/dist/terminal-shell-integration.js writes temporary shell shims under ~/.specrails/projects and removes stale and per-session directories.
- server/dist/plugins/claude-md-mutation.js and codex-mcp.js scope AI-agent config changes to explicit plugin/project actions, not lifecycle execution.
Source & flagged code
6 flagged
- Package source references dynamic require/import behavior: server/dist/browser-context-pool.js, L17.
- Source writes installer persistence such as shell profile or service configuration: server/dist/terminal-shell-integration.js, L23.
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks: server/dist/plugins/prereq-installer.js, L3.
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks: client/dist/assets/html.worker-CQP8QQsS.js, L29.
- Package contains source files above the static scanner size ceiling: client/dist/assets/ts.worker-METxwbDZ.js.
- This package version adds a dangerous source file absent from the previous stored version: server/dist/file-provenance.js.
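The Trojan Source flag above is the one a reviewer most often has to re-check by hand, so here is the check itself as an added example; it is not the scanner's code, the function and constant names are assumptions, and the sample source is constructed for the test. It reports every raw bidi control and invisible code point with its line and column, ignores a leading byte-order mark, and separately lists lines where a bidi embedding or isolate is opened but never closed, which is the shape the Trojan Source attack takes (the rendered line reads differently from what the parser sees).

```javascript
'use strict';
// Added example (not the scanner's code): locate bidi control and invisible
// Unicode code points in source text and flag lines with unterminated
// embeddings/isolates, the pattern used by Trojan Source attacks.

// Bidi formatting characters from the Unicode bidirectional algorithm.
const BIDI = {
  0x202A: 'LRE', 0x202B: 'RLE', 0x202C: 'PDF', 0x202D: 'LRO', 0x202E: 'RLO',
  0x2066: 'LRI', 0x2067: 'RLI', 0x2068: 'FSI', 0x2069: 'PDI',
};
const EMBEDDINGS = new Set(['LRE', 'RLE', 'LRO', 'RLO']); // closed by PDF
const ISOLATES = new Set(['LRI', 'RLI', 'FSI']);          // closed by PDI

// Zero-width and marker characters that render as nothing.
const INVISIBLE = {
  0x200B: 'ZWSP', 0x200C: 'ZWNJ', 0x200D: 'ZWJ', 0x200E: 'LRM', 0x200F: 'RLM',
  0x2060: 'WJ', 0x061C: 'ALM', 0xFEFF: 'BOM',
};

function scanTrojanSource(text) {
  const findings = [];
  const unterminatedLines = [];
  const open = []; // names of embeddings/isolates still open on this line
  let line = 1;
  let col = 0;
  for (let i = 0; i < text.length; i++) {
    // Every code point of interest is in the BMP, so UTF-16 units suffice.
    const ch = text.charCodeAt(i);
    if (ch === 0x0A) {
      if (open.length) unterminatedLines.push(line);
      open.length = 0;
      line++;
      col = 0;
      continue;
    }
    col++;
    if (ch === 0xFEFF && i === 0) continue; // leading BOM is an encoding mark, not an attack
    const name = BIDI[ch] || INVISIBLE[ch];
    if (!name) continue;
    findings.push({
      line,
      col,
      codePoint: 'U+' + ch.toString(16).toUpperCase().padStart(4, '0'),
      name,
      kind: BIDI[ch] ? 'bidi' : 'invisible',
    });
    if (!BIDI[ch]) continue;
    if (name === 'PDF') {
      // PDF closes the most recent embedding, if any.
      for (let j = open.length - 1; j >= 0; j--) {
        if (EMBEDDINGS.has(open[j])) { open.splice(j, 1); break; }
      }
    } else if (name === 'PDI') {
      // PDI closes the most recent isolate and everything opened inside it.
      for (let j = open.length - 1; j >= 0; j--) {
        if (ISOLATES.has(open[j])) { open.length = j; break; }
      }
    } else {
      open.push(name);
    }
  }
  if (open.length) unterminatedLines.push(line);
  return { findings, unterminatedLines };
}

// Constructed sample: line 2 mimics the early-return trick from the Trojan
// Source paper (an RLO plus isolates that never close), line 3 hides a
// zero-width space inside a string literal.
const SAMPLE = [
  'const ok = "plain";',
  '/* check access \u202E } \u2066if (isAdmin)\u2069 \u2066 begin admin only */',
  'const zero = "a\u200Bb";',
].join('\n');

function report(text) {
  const { findings, unterminatedLines } = scanTrojanSource(text);
  const lines = findings.map((f) => `${f.line}:${f.col} ${f.codePoint} ${f.name} (${f.kind})`);
  for (const l of unterminatedLines) lines.push(`line ${l}: bidi embedding/isolate left open`);
  return lines;
}
```

Run it with `report(SAMPLE)` or `report(fs.readFileSync(path, 'utf8'))`. A hit is not a verdict: minified editor workers such as the flagged html.worker routinely carry these code points as data (whitespace and tokenizer tables), and ZWJ is legitimate inside emoji sequences, so the line reported has to be read to decide whether the character sits in a comment or string literal where it changes what a reviewer sees. The unterminated-line list is the part worth alerting on, because a hidden reorder that survives to the end of the line is what makes the displayed code and the parsed code disagree.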