AI Security Review
scanned 3h ago · by lpm-firewall-aiThe optional memory filesystem helper can read, write, rename, and recursively delete files below an environment-selected root. It is not invoked during install or import, but constitutes an agent-facing local filesystem capability when explicitly called.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit runtime call to `runMemoryFsCommand` with a `memory` or `file` request.
Impact
A caller able to control the request and `TERSE_FS_ROOT` can alter or remove files under that selected root.
Mechanism
Environment-rooted local filesystem read/write/delete command dispatcher.
Rationale
The package has no install-time execution, credential harvesting, foreign control-surface mutation, or remote payload execution. Its explicit filesystem command API remains a meaningful dual-use capability, so it warrants a warning rather than a block.
Evidence
package.jsondist/index.jsdist/memoryfs/index.jsdist/memoryfs/paths.jsdist/memoryfs/store.jsdist/memoryfs/file.jsdist/memoryfs/memory.js
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/memoryfs/index.js` exposes `runMemoryFsCommand` with write/delete-capable commands.
- `TERSE_FS_ROOT` can select the local filesystem root used by that command.
- `dist/memoryfs/store.js` performs recursive deletion and file writes.
Evidence against
- `package.json` defines no preinstall/install/postinstall lifecycle hooks.
- Filesystem operations require an explicit `runMemoryFsCommand` call; no import-time invocation found.
- Network requests target the package backend `https://api.useterse.ai` and use configured Terse credentials.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/memoryfs/index.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = terse-sdk@0.2.4
matchedIdentity = npm:dGVyc2Utc2Rr:0.2.4
similarity = 0.900
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/memoryfs/index.jsView on unpkgFindings
1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/memoryfs/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License