AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Package network and filesystem capabilities are explicit runtime library/CLI features, not install-time behavior.
Static reason
No blocking static signals were detected.
Trigger
User invokes the CLI or host application configures provider, tools, media URLs, or session storage.
Impact
No unsolicited persistence, credential exfiltration, remote payload execution, or foreign AI-agent configuration mutation was found.
Mechanism
Explicit agent framework APIs with caller-supplied providers, handlers, paths, and URLs.
Rationale
Static inspection found no lifecycle execution, child-process use, dynamic code loading, obfuscated payload, or unauthorized filesystem/config mutation. Network requests and credential use are confined to explicitly configured AI-provider and media-fetch functionality.
Evidence
package.jsondist/index.jsdist/cli.jsdist/cli-runner.jsdist/credentials.jsdist/node/session-store-jsonl.jsdist/content.jsdist/providers/openai-compatible.jsdist/extensions.jsdist/tools.js
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hook.
- dist/index.js only re-exports APIs and declares metadata.
- dist/cli.js runs only when the user invokes the prism binary.
- dist/cli-runner.js performs discovery and prompt-file reads only through explicit CLI options or workspace paths.
- dist/node/session-store-jsonl.js writes only to the caller-provided session-store path.
- dist/providers/openai-compatible.js sends requests only to caller-configured baseUrl and uses supplied credentials.
Behavioral surface
ChildProcessCryptoFilesystem
HighEntropyStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
3 Low
LowScripts Present
LowFilesystem
LowHigh Entropy Strings