AI Security Review
scanned 2d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/cli/utils/cert.ts adds/removes hosts entries for cloudcode-pa.googleapis.com, daily-cloudcode-pa.googleapis.com, kiro.dev, app.kiro.dev, runtime.us-east-1.kiro.dev
- src/cli/utils/cert.ts can trust a locally generated TLS cert in OS trust stores
- src/index.ts installs package agent context to ~/.antigravity and injects/rewrites model context when not in passthrough mode
- bin/cli.js uses Windows UAC elevation helper for start/switch/remove/setup/certs/stop commands
- src/cli/commands/start.ts can run npm install/npx tsc, kill ports, launch Antigravity, and configure proxy routing
- package.json postinstall only calls dist/data-paths.js migrateUserData, copying old package data/certs/logs into ~/.antigravity
- No install-time foreign AI-agent config mutation found beyond package-owned ~/.antigravity migration marker/data copy
- Hosts/cert/proxy changes are activated by explicit CLI commands, mainly antigravity start/certs/remove
- Network endpoints are aligned with an LLM proxy/provider product and user-configured providers
- No credential harvesting or hardcoded exfiltration endpoint found; dashboard webhook is user-configured
Source & flagged code
5 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/cli.jsView on unpkgPackage source references weak cryptographic algorithms.
dist/cli/utils/cert.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
dist/cli/commands/start.jsView on unpkg · L134