AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The suspicious primitives are aligned with a universal server CLI that serves local entrypoints, static files, and explicit fetch requests.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs the srvx CLI or imports package adapters.
Impact
No unauthorized impact identified by static inspection.
Mechanism
User-invoked server framework and CLI utilities
Rationale
Static inspection found potentially dangerous primitives only in package-aligned, user-invoked paths: running a dev server, loading the user's server entry, serving static files, or fetching explicit URLs. There is no install-time execution, hidden endpoint, credential collection, persistence, destructive behavior, or unconsented agent-control mutation.
Evidence
package.jsonbin/srvx.mjsdist/cli.mjsdist/loader.mjsdist/static.mjsdist/adapters/node.mjsdist/_chunks/_plugins.mjs
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/cli.mjs forks its own CLI process for dev/watch mode and supports user-specified --import.
- dist/loader.mjs dynamically imports a user-selected server entry file.
- dist/cli.mjs fetch mode can request user-provided remote URLs.
Evidence against
- package.json has no install/postinstall lifecycle hooks; only prepack is publish-time.
- bin/srvx.mjs only delegates to dist/cli.mjs main().
- Child process, dynamic import, env loading, and fetch are CLI/server-framework features activated by user commands.
- No credential harvesting, hardcoded exfiltration endpoint, persistence, destructive file writes, or AI-agent control-surface mutation found.
- dist/static.mjs only reads requested files under a configured static directory with path containment.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
WildcardDependency
Source & flagged code
4 flagged · loading sourcedist/cli.mjsView file
4import { fileURLToPath } from "node:url";
L5: import { fork } from "node:child_process";
L6: import { createReadStream, existsSync, statSync } from "node:fs";
High
372async function forkCLI(args, runtimeArgs) {
L373: const child = fork(fileURLToPath(globalThis.__SRVX_BIN__ || new URL("../bin/srvx.mjs", import.meta.url)), [...args], { execArgv: [...process.execArgv, ...runtimeArgs].filter(Boolea...
L374: child.on("error", (error) => {
High
4Cross-file remote execution chain: dist/cli.mjs spawns dist/loader.mjs; helper contains network access plus dynamic code execution.
L4: import { fileURLToPath } from "node:url";
L5: import { fork } from "node:child_process";
L6: import { createReadStream, existsSync, statSync } from "node:fs";
...
L11: try {
L12: if (!process.env.NODE_ENV) process.env.NODE_ENV = cliOpts.prod ? "production" : "development";
L13: let server;
...
L90: }
L91: async function cliFetch(cliOpts) {
L92: const stdin = cliOpts.stdin || process.stdin;
L93: const stdout = cliOpts.stdout || process.stdout;
L94: const stderr = cliOpts.stderr || process.stderr;
...
L103: if (cliOpts.verbose && loaded.url) {
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.mjsView on unpkg · L4dist/loader.mjsView file
41if (opts.interceptHttpListen !== false) {
L42: const loaded = await interceptListen(() => import(url), opts);
L43: mod = loaded.res;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/loader.mjsView on unpkg · L41Findings
3 High4 Medium4 Low
HighChild Processdist/cli.mjs
HighShelldist/cli.mjs
HighCross File Remote Execution Contextdist/cli.mjs
MediumDynamic Requiredist/loader.mjs
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings