AI Security Review
scanned 2h ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time attack surface was found. The package is an AI desktop/agent platform with powerful user-invoked agent and MCP setup paths, including permission-skipping Claude fallback and project MCP/plugin writes.
Decision evidence
public snapshot
- cli/dist/specrails-desktop.js runDirect invokes claude with --dangerously-skip-permissions when manager is absent
- server/dist/plugins/serena/install.js can merge mcpServers.serena into project .mcp.json and write .claude/agents/custom-serena.md
- server/dist/plugins/prereq-installer.js can run curl|sh or PowerShell installer for uv on explicit prerequisite install
- server/dist/agent-mcp-config.js writes per-conversation MCP config under ~/.specrails/agent and may write .mcp.json/.gemini/settings.json in agent cwd
- package.json has no npm lifecycle hooks, so no install-time execution found
- bin entry cli/dist/specrails-desktop.js only runs after user invokes the CLI
- Network use observed is localhost manager APIs plus documented installer/upstream plugin URLs
- Tokens are read/written under ~/.specrails for local auth and not sent to external hosts in inspected code
- MCP/agent writes are package-aligned and appear app/user-invoked rather than silent foreign control-surface mutation
Source & flagged code
6 flagged
- server/dist/worktree-overlay.js, line 44: Package source references dynamic require/import behavior.
- server/dist/terminal-shell-integration.js, line 23: Source writes installer persistence such as shell profile or service configuration.
- server/dist/plugins/prereq-installer.js, line 3: Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
- client/dist/assets/html.worker-CQP8QQsS.js, line 29: Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
- client/dist/assets/editor.api2-C3B0tp2x.js: Package contains source files above the static scanner size ceiling.
- server/dist/file-provenance.js: This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.