AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/commands/mcp.js` exposes an MCP `fetch_page` tool that fetches caller-supplied URLs for non-AHTML targets.
- `dist/commands/mcp.js` exposes `invoke_action`, posting MCP-provided arguments to action URLs declared by the target site.
- `dist/commands/init.js` can modify a user-selected project and its `package.json` only through explicit `ahtml init` execution.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- All network activity is reached through explicit CLI commands; imports only define command handlers.
- No child-process, shell, eval/vm, credential harvesting, hidden persistence, or foreign AI-agent configuration writes were found.
- `dist/commands/llms.js` writes only when the user passes `--out`.
Source & flagged code
3 flagged · loading source`dist/commands/mcp.js` exposes an MCP `fetch_page` tool that fetches caller-supplied URLs for non-AHTML targets.
dist/commands/mcp.jsView on unpkg`dist/commands/mcp.js` exposes `invoke_action`, posting MCP-provided arguments to action URLs declared by the target site.
dist/commands/mcp.jsView on unpkg`dist/commands/init.js` can modify a user-selected project and its `package.json` only through explicit `ahtml init` execution.
package.jsonView on unpkg