AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- package.json runs postinstall hooks/postinstall.js.
- hooks/sqliteRuntime.js installs sql.js and better-sqlite3 into ~/.9router/runtime/node_modules.
- hooks/trayRuntime.js installs systray2 and removes legacy systray from runtime/package node_modules.
- src/cli/menus/cliTools.js has explicit Quick Setup/reset flows for Claude, Codex, Droid, OpenClaw, OpenCode, Hermes settings.
- app/src/mitm/server.js is a bundled MITM proxy that can add/remove hosts entries for AI endpoints and creates a local CA.
- cli.js starts a network-exposed local server by default on 0.0.0.0:20128.
- No preinstall/install/postinstall mutation of foreign AI-agent configs found.
- Postinstall installs named runtime dependencies from npm, not arbitrary remote scripts.
- CLI tool config changes are user-selected menu actions through the local API.
- MITM hosts/CA behavior appears tied to explicit MITM feature and cleanup handlers.
- No credential harvesting or exfiltration endpoint outside package-aligned proxy/update/OAuth flows confirmed.
- Updater uses npm i -g packageName/latest behavior aligned with self-update UI.
Source & flagged code
16 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
app/.next-cli-build/server/chunks/4306.jsView on unpkg · L1RSA private key in app/.next-cli-build/server/chunks/4306.js
app/.next-cli-build/server/chunks/4306.jsView on unpkg · L1Package source references child process execution.
app/src/mitm/server.jsView on unpkg · L32A single source file combines environment access, network access, and code or shell execution; review context before blocking.
app/src/mitm/server.jsView on unpkg · L24Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
app/src/mitm/server.jsView on unpkg · L24This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
cli.jsView on unpkg · L2Package source references dynamic require/import behavior.
app/server.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
src/cli/tray/autostart.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
app/src/lib/updater/updater.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
src/cli/tray/tray.ps1View on unpkgPackage ships high-entropy non-source blobs.
app/.next-cli-build/static/media/material-symbols-outlined.ec1fa111.woff2View on unpkgRSA private key in app/.next-cli-build/server/chunks/8971.js
app/.next-cli-build/server/chunks/8971.jsView on unpkg · L1