AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/chunk-RNOYLQCV.js` runs configured shell hooks via `sh -c`.
- `dist/chunk-RNOYLQCV.js` spawns configured MCP server commands with inherited environment.
- `dist/chunk-RNOYLQCV.js` auto-imports JavaScript/TypeScript plugins from `~/.agentskit/plugins` during `chat`.
- `chat`/`run` expose filesystem and shell tools to selected LLM agent workflows.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `dist/bin.js` only parses explicitly invoked CLI arguments.
- Environment API keys are passed to selected provider adapters, not sent to an unrelated hard-coded endpoint.
- Network use is feature-aligned: provider embeddings and the AgentsKit component registry.
- Config writes occur only through explicit `agentskit config init` or scaffold/add commands.
Source & flagged code
5 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Package source references child process execution.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Source exposes local file and command tools to a remote model endpoint.
dist/chunk-RNOYLQCV.jsView on unpkg · L7Package source references dynamic require/import behavior.
dist/chunk-RNOYLQCV.jsView on unpkg · L38A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.cjsView on unpkg · L17