AI Security Review
scanned 2h ago · by lpm-firewall-aiRunning the CLI connects it to a configured local Tauri MCP socket and registers powerful MCP tools. An MCP client can invoke arbitrary webview JavaScript, backend IPC, storage operations, screenshots, and app restart/force-kill actions.
Decision evidence
public snapshot- `build/tools/execute_js.js` exposes arbitrary JavaScript execution in a target Tauri webview.
- `build/tools/manage_ipc.js` forwards backend IPC commands through the local socket.
- `build/tools/manage_storage.js` can read or clear application storage and cookies.
- `build/tools/restart_app.js` can kill the socket-owning app process after a failed restart.
- `build/tools/client.js` optionally connects to a TCP host supplied by environment variables.
- `package.json` has no install, preinstall, or postinstall lifecycle hook; `prepublishOnly` is publish-time only.
- `build/index.js` starts only as the explicit CLI/MCP server and uses stdio transport.
- `build/tools/client.js` defaults to a local Unix socket or `127.0.0.1:9999`; no hard-coded external endpoint exists.
- No source reads unrelated credentials or exfiltrates data over HTTP.
- No package code writes AI-agent configuration or establishes persistence.
Source & flagged code
5 flagged · loading source`build/tools/execute_js.js` exposes arbitrary JavaScript execution in a target Tauri webview.
build/tools/execute_js.jsView on unpkg`build/tools/manage_ipc.js` forwards backend IPC commands through the local socket.
build/tools/manage_ipc.jsView on unpkg`build/tools/manage_storage.js` can read or clear application storage and cookies.
build/tools/manage_storage.jsView on unpkg`build/tools/restart_app.js` can kill the socket-owning app process after a failed restart.
build/tools/restart_app.jsView on unpkg`build/tools/client.js` optionally connects to a TCP host supplied by environment variables.
build/tools/client.jsView on unpkg