AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are tied to explicit web-search/MCP setup, local SearXNG bootstrap, user plugin loading, or configured LLM/search providers.
Decision evidence
public snapshot- package.json has no lifecycle scripts; main/bin dist/index.js only dispatches explicit CLI commands.
- dist/searxng/docker.js uses docker execSync only for user-invoked local SearXNG startup on 127.0.0.1.
- dist/searxng/bootstrap.js downloads SearXNG and runs pip/tar during warmup/init, package-aligned local search setup.
- dist/watch/ssrf.js blocks localhost, private IPv4/IPv6, and metadata.google.internal for guarded URLs.
- dist/plugins/loader.js imports only plugins from configured user pluginsDir, not remote code.
- assets/blocks/codex/AGENTS.md.block is installed only by setup/init agent configuration and promotes package MCP tools; no covert install-time mutation.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/searxng/docker.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/plugins/loader.jsView on unpkg · L84Package source references weak cryptographic algorithms.
dist/search/evidence.jsView on unpkg · L1Source reaches cloud instance metadata or link-local credential endpoints.
dist/watch/ssrf.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/extraction/site-extractors/amazon.jsView on unpkg · L249A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/extraction/site-extractors/amazon.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli/doctor.jsView on unpkg · L61