AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `node ace configure @adonis-agora/agent` or boots an Adonis app configured with this provider.
Impact
Can add agent routes, migrations, and execute project-authored tool modules in the host application.
Mechanism
Explicit framework configuration and project-local agent-tool discovery.
Rationale
Source inspection found a policy-relevant explicit agent setup path, but no concrete malicious chain, credential exfiltration, remote payload execution, or install-time mutation. Downgrade to warn for the explicit agent configuration capability rather than block.
Evidence
package.jsondist/configure.jsdist/providers/agent_provider.jsdist/src/tool-discovery.jsdist/src/hooks/tools.jsdist/stubs/config/agent.stubadonisrc.tsconfig/agent.tsdatabase/migrations/<timestamp>_create_agent_tables.tsdatabase/migrations/<timestamp>_create_agent_run_tracking.tsdatabase/migrations/<timestamp>_create_agent_rag_chunks.ts.adonisjs/agent/tools.tsapp/agent_tools
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Benign with high false-positive risk.
Evidence for warning
- `dist/configure.js` explicitly updates `adonisrc.ts` and publishes agent config/migration stubs when invoked.
- `dist/providers/agent_provider.js` imports generated or project-local `app/agent_tools` modules during Adonis boot.
- `dist/src/tool-discovery.js` recursively imports project-local tool modules as an opt-in fallback.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- No child-process, shell, eval, VM, credential harvesting, or outbound HTTP client use was found in published JS.
- Dynamic imports are limited to package peers, generated app barrels, or configured project modules.
- Attachment reads are limited to authenticated upload temp files and pass through size/type checks in `dist/providers/agent_provider.js`.
Behavioral surface
DynamicRequireFilesystem
HighEntropyStrings
Source & flagged code
1 flagged · loading sourcedist/providers/agent_provider.jsView file
135}
L136: const { InMemoryAgentStore } = await import('../src/testing/in-memory-store.js');
L137: return new InMemoryAgentStore();
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/providers/agent_provider.jsView on unpkg · L135Findings
1 Medium3 Low
MediumDynamic Requiredist/providers/agent_provider.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings