AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The flagged child-process use runs bundled ripgrep for documentation search or user-invoked local CLI/server commands.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit telodocs new, dev, or start command; MCP requests to a running local server.
Impact
No source evidence of credential harvesting, exfiltration, remote payload execution, or AI-agent configuration mutation.
Mechanism
Local documentation scaffolding, serving, and docs-directory search.
Rationale
Static hints map to legitimate package behavior: an explicit documentation CLI and MCP server. Source inspection found no install-time execution or concrete malicious chain.
Evidence
package.jsondist/cli/index.jsdist/cli/commands/new.jsdist/cli/commands/serve.jsdist/server/search/search.service.jsdist/server/mcp/mcp.service.jstemplate/**docs/**.env.git/**
Decision evidence
public snapshotAI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only prepublishOnly; no install lifecycle hook.
- dist/cli/index.js only registers explicit new/dev/start commands.
- dist/cli/commands/serve.js spawns local server commands only after user invokes dev/start.
- dist/server/search/search.service.js confines reads/searches to configured docsDir.
- No outbound HTTP/network client imports found in inspected server/CLI code.
- dist/cli/commands/new.js writes only an explicit user-requested scaffold and optionally initializes its git repo.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/server/search/search.service.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = telodocs@0.2.2
matchedIdentity = npm:dGVsb2RvY3M:0.2.2
similarity = 0.846
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/server/search/search.service.jsView on unpkg23const fast_glob_1 = __importDefault(require("fast-glob"));
L24: const node_child_process_1 = require("node:child_process");
L25: const config_schema_1 = require("../core/config/config.schema");
High
Child Process
Package source references child process execution.
dist/server/search/search.service.jsView on unpkg · L23dist/cli/commands/serve.jsView file
20const entry = resolveServerEntry(packageRoot);
L21: const child = (0, node_child_process_1.spawn)(process.platform === "win32" ? "npx.cmd" : "npx", ["tsx", "watch", entry], {
L22: cwd: process.cwd(),
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli/commands/serve.jsView on unpkg · L20Findings
1 Critical2 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/server/search/search.service.js
HighChild Processdist/server/search/search.service.js
HighRuntime Package Installdist/cli/commands/serve.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings