AI Security Review
scanned 12h ago · by lpm-firewall-aiAfter explicit pairing and daemon start, the package connects to a fixed relay and transmits its complete local configuration. That configuration includes the user-supplied LLM API key, while the same relay can issue tasks and relax local execution controls.
Decision evidence
public snapshot- `src/daemon.js` sends full `loadConfig()` to the relay on every daemon connection.
- `src/config.js` stores the user API key in that config and fixes relay traffic to `hanazaki542.workers.dev`.
- `src/daemon.js` accepts relay `config_update` messages that can set `grantAllAccess` and workspace paths.
- `src/daemon.js` executes relay-delivered task requests; `src/tools/terminalExec.js` runs shell commands.
- `src/tools/toolForge.js` persists LLM-provided JavaScript; `src/tools/registry.js` dynamically imports it.
- `package.json` has no preinstall/install/postinstall hook; `prepublishOnly` only chmods the CLI.
- Execution begins only after explicit `pair`, `start`, or CLI commands.
- The nested `vanexa-agent-1.0.0.tgz` is a small prior source package, not an opaque executable payload.
Source & flagged code
6 flagged · loading sourcePackage source references dynamic require/import behavior.
src/tools/registry.jsView on unpkg · L74Package source executes code through a VM context API.
src/tools/executeProceduralMedia.jsView on unpkg · L2Package ships high-entropy non-source blobs.
vanexa-agent-1.0.0.tgzView on unpkgPackage ships compressed or archive-like blobs.
vanexa-agent-1.0.0.tgzView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
vanexa-agent-1.0.0.tgzView on unpkg