AI Security Review
scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface identified in inspected entrypoints and scanner-flagged files. Risky behaviors are explicit desktop/AI-agent product features: local manager HTTP, user-invoked AI CLI/shell execution, and prerequisite installation.
Decision evidence
- package.json has no preinstall/install/postinstall lifecycle hooks; its only bin entry maps to cli/dist/specrails-desktop.js.
- cli/dist/specrails-desktop.js contacts only localhost manager endpoints and reads only local Specrails desktop tokens for the Authorization header.
- server/dist/plugins/prereq-installer.js installs only the named prerequisite uv, fetched from Astral URLs, with SPECRAILS_PREREQ_NOOP as a test escape hatch.
- server/dist/loop-executors.js spawns processes for product-aligned AI CLI/shell execution of user jobs, with timeouts and workspace/repo environment handling.
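The first evidence item is a manifest check that any reviewer can reproduce locally. The following is an added example, not code from the scanner or from the package under review: it audits a parsed package.json plus the tarball's file list for install-time code execution. The manifests and file lists are constructed, and the package name is hypothetical.

```javascript
// Added example: audit an npm manifest for code that runs at install time.
// Inputs: the parsed package.json object and the list of paths in the tarball.

// Scripts npm runs automatically when the package is installed as a dependency.
const INSTALL_HOOKS = new Set(["preinstall", "install", "postinstall"]);

function auditInstallSurface(manifest, files) {
  const findings = [];
  const scripts = manifest.scripts || {};

  for (const [name, cmd] of Object.entries(scripts)) {
    if (INSTALL_HOOKS.has(name)) {
      findings.push({ kind: "lifecycle-hook", detail: `${name}: ${cmd}` });
    }
  }

  // With a binding.gyp in the package root and no explicit install/preinstall
  // script, npm defaults the install step to `node-gyp rebuild`, so native code
  // runs even though the manifest shows no hook.
  if (files.includes("binding.gyp") && !("install" in scripts) && !("preinstall" in scripts)) {
    findings.push({ kind: "implicit-node-gyp", detail: "binding.gyp present with no explicit install script" });
  }

  // bin entries are the declared executables. A string form maps the package
  // name to one file; the object form maps command names to files.
  const bin = typeof manifest.bin === "string" ? { [manifest.name]: manifest.bin } : (manifest.bin || {});
  for (const [cmd, target] of Object.entries(bin)) {
    const norm = target.replace(/^\.\//, "");
    if (norm.startsWith("../") || norm.startsWith("/")) {
      findings.push({ kind: "bin-outside-package", detail: `${cmd} -> ${target}` });
    } else if (!files.includes(norm)) {
      findings.push({ kind: "bin-target-missing", detail: `${cmd} -> ${target}` });
    }
  }
  return findings;
}

// Constructed sample inputs (hypothetical package, not the real manifest).
const CLEAN_MANIFEST = {
  name: "example-desktop",
  version: "1.0.0",
  bin: { "example-desktop": "cli/dist/example-desktop.js" },
  scripts: { build: "tsc -p .", test: "node --test" },
};
const CLEAN_FILES = ["package.json", "cli/dist/example-desktop.js", "server/dist/index.js"];

const HOOKED_MANIFEST = {
  ...CLEAN_MANIFEST,
  scripts: { ...CLEAN_MANIFEST.scripts, postinstall: "node scripts/setup.js" },
};

console.log(auditInstallSurface(CLEAN_MANIFEST, CLEAN_FILES));   // []
console.log(auditInstallSurface(HOOKED_MANIFEST, CLEAN_FILES));  // one lifecycle-hook finding
```

An empty result means no code runs at install time; it says nothing about what the bin entry does once a user invokes it, which is why the remaining evidence items look at the CLI and server files themselves.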
Source & flagged code
6 flagged
- server/dist/browser-context-pool.js (line 17): Package source references dynamic require/import behavior.
- server/dist/terminal-shell-integration.js (line 23): Source writes installer persistence such as shell profile or service configuration.
- server/dist/plugins/prereq-installer.js (line 3): Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
- client/dist/assets/html.worker-CQP8QQsS.js (line 29): Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
- client/dist/assets/ts.worker-METxwbDZ.js: Package contains source files above the static scanner size ceiling.
- server/dist/loop-executors.js: This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
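The Trojan Source finding against the html.worker bundle is the one category above that can be re-checked mechanically. The following is an added example, not the scanner's detector or code from the package: it reports every bidi control and common invisible code point with its position, and separately flags lines whose bidi embeddings or isolates are never terminated, the pattern the Trojan Source attack relies on. The sample source is constructed.

```javascript
// Added example: locate bidi control and invisible Unicode code points in
// source text, and flag lines with unterminated bidi runs.

// Explicit directional formatting characters (the Trojan Source set).
const BIDI_CONTROLS = new Map([
  [0x202a, "LRE"], [0x202b, "RLE"], [0x202c, "PDF"], [0x202d, "LRO"], [0x202e, "RLO"],
  [0x2066, "LRI"], [0x2067, "RLI"], [0x2068, "FSI"], [0x2069, "PDI"],
]);
// Zero-width characters that can hide inside identifiers or string literals.
const INVISIBLES = new Map([
  [0x200b, "ZWSP"], [0x200c, "ZWNJ"], [0x200d, "ZWJ"], [0x2060, "WJ"], [0xfeff, "ZWNBSP"],
]);
const OPENERS = new Set([0x202a, 0x202b, 0x202d, 0x202e, 0x2066, 0x2067, 0x2068]);
const CLOSERS = new Set([0x202c, 0x2069]);

function findSuspiciousUnicode(text) {
  const hits = [];
  let line = 1, col = 1;
  for (const ch of text) {               // iterates by code point, not UTF-16 unit
    const cp = ch.codePointAt(0);
    if (cp === 0x0a) { line++; col = 1; continue; }
    const name = BIDI_CONTROLS.get(cp) || INVISIBLES.get(cp);
    if (name) {
      hits.push({
        line, col, name,
        codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"),
        kind: BIDI_CONTROLS.has(cp) ? "bidi" : "invisible",
      });
    }
    col++;
  }
  return hits;
}

// A bidi run opened on a line and still open at the newline is what lets an
// attacker reorder how the rest of that line renders. Depth counting treats
// PDF and PDI as closing any opener; that is a simplification of the Unicode
// algorithm but matches the "unpaired on a line" heuristic compilers warn on.
function unterminatedBidiLines(text) {
  const flagged = [];
  let depth = 0, line = 1;
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (cp === 0x0a) {
      if (depth > 0) flagged.push(line);
      depth = 0; line++;
      continue;
    }
    if (OPENERS.has(cp)) depth++;
    else if (CLOSERS.has(cp) && depth > 0) depth--;
  }
  if (depth > 0) flagged.push(line);
  return flagged;
}

// Constructed sample: a comment that renders as a closed brace plus an
// admin check (classic Trojan Source), and a ZWSP hidden in a string literal.
const SAMPLE = [
  "function checkAccess(user) {",
  "  /*\u202e } \u2066if (user.isAdmin)\u2069 \u2066 begin admins only */",
  "  return 'gra\u200bnted';",
  "}",
].join("\n");

console.log(findSuspiciousUnicode(SAMPLE));   // 4 bidi hits on line 2, 1 invisible on line 3
console.log(unterminatedBidiLines(SAMPLE));   // [2]
```

A hit is a prompt to read the surrounding bytes, not a verdict: large minified bundles such as editor language workers often embed Unicode range tables as data, so the position reported here (line 29 in the flagged worker) is where a reviewer should look before treating the finding as an attack. The unterminated-run check is most meaningful on human-edited source, where no legitimate line should leave a bidi embedding open.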