AI Security Review
scanned 4d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package has a guarded AI-tool routing/MITM capability and explicit setup flows that write AI CLI configuration. No confirmed malicious install-time hijack or exfiltration chain was found.
Decision evidence
public snapshot- package.json runs postinstall node hooks/postinstall.js
- hooks/sqliteRuntime.js installs sql.js and better-sqlite3 into ~/.switchboard/runtime via npm install
- hooks/trayRuntime.js installs systray2 and removes legacy systray from runtime/package node_modules
- app/src/mitm/server.js runs HTTPS MITM on port 443, generates CA certs, and edits /etc/hosts for AI tool hosts
- app/.next-cli-build/server/app/api/cli-tools/codex-settings/route.js writes ~/.codex/config.toml and auth.json on API request
- src/cli/menus/cliTools.js exposes Claude/Codex/Droid/OpenClaw quick setup actions that route tools to Switchboard
- No install-time mutation of foreign AI agent configs found; agent config writes are behind explicit menu/API setup actions
- Postinstall installs pinned runtime dependencies for package-owned ~/.switchboard runtime, not arbitrary remote code
- cli.js binds to 127.0.0.1 by default and LAN exposure requires --host opt-in
- Update check only queries npm registry for this package and update action prints npm install command rather than silently updating
- The secret-like chunk is bundled JOSE/JWT implementation code, not a hardcoded credential
- No credential harvesting or exfiltration endpoint outside package-aligned routing/update behavior found
Source & flagged code
14 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
app/.next-cli-build/server/chunks/9078.jsView on unpkg · L1RSA private key in app/.next-cli-build/server/chunks/9078.js
app/.next-cli-build/server/chunks/9078.jsView on unpkg · L1Package source references child process execution.
app/src/mitm/server.jsView on unpkg · L32A single source file combines environment access, network access, and code or shell execution; review context before blocking.
app/src/mitm/server.jsView on unpkg · L24Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
app/src/mitm/server.jsView on unpkg · L24Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
cli.jsView on unpkg · L2Package source references dynamic require/import behavior.
app/server.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
src/cli/tray/autostart.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
app/src/lib/updater/updater.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
src/cli/tray/tray.ps1View on unpkgPackage ships high-entropy non-source blobs.
app/.next-cli-build/static/media/73cb51aac9c97f90-s.woff2View on unpkg