AI Security Review
scanned 4h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/src/skills.js` symlinks bundled skills into `~/.agents`, `~/.codex`, or `~/.claude` skill directories.
- `dist/src/cli.js` exposes this agent-directory mutation through explicit `webcmd skills install` and `webcmd skills update` commands.
- `package.json` postinstall runs scripts that write shell completions and a `~/.webcmd/spotify.env` template on global installs.
- `scripts/fetch-adapters.js` can remove stale first-party `~/.webcmd/clis` overrides during eligible installs.
- Agent skill linking is user-invoked; no lifecycle script calls the skills install/update commands.
- `scripts/postinstall.js` does not modify shell rc files and writes only completions plus placeholder credentials.
- `scripts/fetch-adapters.js` declares no network use and only manages the package-owned `~/.webcmd` area.
- `dist/src/update-check.js` has update checks disabled and uses placeholder `invalid.example` URLs.
- No inspected lifecycle or runtime source harvested credentials/env files for exfiltration or executed remote payloads.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.test.jsView on unpkg · L9Package source references a known benign dynamic code generation pattern.
dist/src/browser.test.jsView on unpkg · L298Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L257Package source references weak cryptographic algorithms.
clis/grok/image.jsView on unpkg · L6Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/cli.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/src/cli.jsView on unpkg · L65Hardcoded password in dist/src/observation/redaction.test.js
dist/src/observation/redaction.test.jsView on unpkg · L28