AI Security Review
scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface found. Risky primitives are aligned with a desktop AI/project manager: local server control, user-invoked AI CLI spawning, optional prerequisite install, mobile companion signaling, and local app state files.
Decision evidence
public snapshot
- package.json has no install/preinstall/postinstall lifecycle hooks; only bin cli/dist/specrails-desktop.js.
- cli/dist/specrails-desktop.js talks only to localhost manager by default and otherwise user-invokes claude with the supplied command.
- server/dist/providers/gemini-adapter.js is a provider adapter spawning local gemini CLI; no import/install-time execution.
- server/dist/plugins/prereq-installer.js installs uv from astral.sh only when installPrerequisite('uv') is called, with test noop gate.
- server/dist/terminal-shell-integration.js writes temporary shell shims under ~/.specrails for terminal sessions, not persistent shell profiles.
- client/dist/assets/html.worker-CQP8QQsS.js Unicode hits are bundled HTML entity data/worker content, not Trojan Source control flow.
Source & flagged code
6 flagged
- server/dist/browser-context-pool.js (L17): Package source references dynamic require/import behavior.
- server/dist/terminal-shell-integration.js (L23): Source writes installer persistence such as shell profile or service configuration.
- server/dist/plugins/prereq-installer.js (L3): Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
- client/dist/assets/html.worker-CQP8QQsS.js (L29): Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
- client/dist/assets/ts.worker-METxwbDZ.js: Package contains source files above the static scanner size ceiling.
- server/dist/providers/gemini-adapter.js: This package version adds a dangerous source file absent from the previous stored version.