AI Security Review
scanned 3d ago · by lpm-firewall-ai
Source inspection established no confirmed malicious attack surface. Risky primitives are tied to the desktop app's explicit local manager, agent workflow, plugin setup, and terminal integration features rather than to install-time or hidden behavior.
Decision evidence
public snapshot
- cli/dist/specrails-desktop.js can spawn local claude with --dangerously-skip-permissions when the user runs a prompt and no manager is reachable
- server/dist/plugins/prereq-installer.js contains optional curl/PowerShell uv installer commands
- server/dist/terminal-shell-integration.js writes per-session shell shim files under user Specrails state
- package.json has no install/preinstall/postinstall lifecycle hooks
- cli/dist/specrails-desktop.js talks to loopback manager at 127.0.0.1 and falls back only on explicit CLI invocation
- server/dist/file-provenance.js git commands are cwd-scoped and harden env against hooks/fsmonitor prompts
- server/dist/plugins/prereq-installer.js installer is limited to uv and exposed as a named prerequisite action
- server/dist/plugins/claude-approval.js only disables marketplace plugins through an explicit function; no import/install-time mutation found
- .claude/commands/specrails/*.md are workflow prompts shipped as command files, not auto-installed or executed by npm
Source & flagged code
6 flagged
- Package source references dynamic require/import behavior: server/dist/browser-context-pool.js, L17 (view on unpkg)
- Source writes installer persistence such as shell profile or service configuration: server/dist/terminal-shell-integration.js, L23 (view on unpkg)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks: server/dist/plugins/prereq-installer.js, L3 (view on unpkg)
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks: client/dist/assets/html.worker-CQP8QQsS.js, L29 (view on unpkg)
- Package contains source files above the static scanner size ceiling: client/dist/assets/ts.worker-METxwbDZ.js (view on unpkg)
- This package version adds a dangerous source file absent from the previous stored version: server/dist/file-provenance.js (view on unpkg)