AI Security Review
scanned 1d ago · by lpm-firewall-aiNo malicious install-time or import-time attack was found. Residual risk is a user-invoked CLI command injection bug in browser opening when service-controlled namespace fields are included in an exec-built command.
Decision evidence
public snapshot- cli/index.js disables TLS certificate validation for the CLI process.
- cli/openBrowser.js shells out with exec(`${browserCommand} ${fullUrl}`) using URL path parts derived from user/service data.
- cli/probe.js and cli/runTests.js can invoke connected SystemLynx service methods when explicitly run by the user.
- package.json has no preinstall/postinstall/prepare lifecycle hooks.
- bin entry cli/index.js is a user-invoked SystemView CLI, not install-time code.
- Network use is package-aligned: local SystemView API and user-supplied SystemLynx service URLs.
- Writes are limited to package/project state such as api/connections.json, systemview.cookies.json, and systemview.manifest.json.
- No AI-agent control-surface writes, persistence hooks, credential harvesting, or hardcoded exfiltration endpoint found.
- build/static/js dynamic chunk loading is normal webpack/web-vitals behavior, not remote payload execution.
Source & flagged code
6 flagged · loading sourceSource downloads or fetches remote code and executes it.
build/static/js/main.6240c0f1.jsView on unpkg · L1Package source references dynamic code evaluation.
build/static/js/main.6240c0f1.jsView on unpkg · L1Package source references dynamic require/import behavior.
cli/cookieClient.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/index.jsView on unpkgManifest entrypoint contains risky behavior absent from dist/build output.
cli/index.jsView on unpkg · L2