AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established by source inspection. The package is an MCP/web intelligence CLI with user-invoked setup, warmup, crawling, local cache, and optional plugin behavior.
Decision evidence
public snapshot- CLI commands can modify user agent MCP configs when explicitly run: dist/cli/setup-mcp.js -> dist/cli/tui/config-writer.js.
- Runtime warmup downloads Playwright browsers/ML models and bootstraps SearXNG from GitHub on user command: dist/cli/warmup.js, dist/searxng/bootstrap.js.
- Plugin loader dynamically imports user-installed plugins from configured pluginsDir: dist/plugins/loader.js.
- SearXNG Docker mode runs docker commands for local container management: dist/searxng/docker.js.
- package.json has no install/preinstall/postinstall lifecycle hooks; entrypoint only dispatches CLI commands.
- Config writes are user-invoked setup/init behavior for MCP integration, not install-time or import-time mutation.
- Network use is package-aligned web search/fetch/crawl and local SearXNG/bootstrap functionality; no hardcoded exfiltration endpoint found.
- dist/watch/ssrf.js blocks localhost/private IPv4/IPv6 and metadata hostnames including metadata.google.internal and 169.254/16.
- dist/extraction/site-extractors/amazon.js is an Amazon product-page parser; inspected code shows parsing logic, not hidden execution or exfiltration.
- Doctor masks API keys when reporting env/key-store status rather than printing full secrets.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/searxng/docker.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/plugins/loader.jsView on unpkg · L84Package source references weak cryptographic algorithms.
dist/search/evidence.jsView on unpkg · L1Source reaches cloud instance metadata or link-local credential endpoints.
dist/watch/ssrf.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/extraction/site-extractors/amazon.jsView on unpkg · L249A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/extraction/site-extractors/amazon.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli/doctor.jsView on unpkg · L61