AI Security Review
scanned 3h ago · by lpm-firewall-aiThe Node worker path can execute JavaScript retrieved from a configured Supabase project's Repo-script record. This is not activated during installation or ordinary browser-entry import.
Static reason
No blocking static signals were detected.
Trigger
A consumer initializes Supabase, starts `TaskNode`, and it claims a task whose type resolves to a remote Repo script.
Impact
A party controlling the configured Supabase records can run arbitrary JavaScript with the worker process privileges.
Mechanism
Remote script source is written to a temporary ESM file, dynamically imported, then its exported task function is invoked.
Rationale
The package contains a high-risk backend-driven task execution feature, but no concrete malicious payload or unconsented install-time behavior. Treat it as a dangerous capability requiring a warning rather than a block.
Evidence
package.jsonsrc/repo/repo.script-loader.tssrc/repo/repo-manager.tssrc/node/task-node.tssrc/supabase.ts
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `src/repo/repo.script-loader.ts` writes `script.details.source` to a temporary `.mjs` file and dynamically imports it.
- `src/repo/repo-manager.ts` fetches remote Repo and Repo-script records from the configured Supabase project, then loads them.
- `src/node/task-node.ts` invokes the loaded repository context's `taskFn()` for claimed tasks.
- The capability is exposed only through the explicit `target-supabase-sdk/node` entrypoint.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- No `child_process`, shell execution, `eval`, or VM use appears in inspected source.
- `src/supabase.ts` requires caller-supplied Supabase URL and key; no fixed exfiltration endpoint is embedded.
- No credential harvesting, AI-agent configuration mutation, destructive filesystem action, or import-time task execution was found.
Behavioral surface
CryptoDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStrings
Source & flagged code
1 flagged · loading sourcedist/shared/utils/config-path.utils.jsView file
71}
L72: /** `file://` href for Node dynamic `import()` of a local module. */
L73: export function toFileImportHref(filePath) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/shared/utils/config-path.utils.jsView on unpkg · L71Findings
3 Medium3 Low
MediumDynamic Requiredist/shared/utils/config-path.utils.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings