AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `birdybeep agent install`, `pair`, `hook`, `status`, `doctor`, or `test`.
Impact
Can modify detected agent harness configuration through declared adapters and transmit user-approved lifecycle/pairing data.
Mechanism
Explicit coding-agent adapter setup and BirdyBeep event delivery.
Rationale
Source inspection finds a user-invoked agent-integration feature, not malware or stealth persistence. Per policy, explicit user-command agent configuration mutation warrants a warning.
Evidence
package.jsondist/bin.cjsdist/index.cjs
Network endpoints2
api.birdybeep.comregistry.npmjs.org
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/bin.cjs` exposes explicit `agent install` for Claude, Codex, and OpenCode adapters.
- The user-invoked install path calls each adapter's `install()` after detection.
- `hook`, `status`, `doctor`, and `test` create senders for BirdyBeep event delivery.
- `pair` posts machine-label, OS, CLI version, and fingerprint hash during approved pairing.
Evidence against
- `package.json` contains no preinstall, install, postinstall, or prepare lifecycle hook.
- `dist/bin.cjs` runs only as the declared `birdybeep` executable; importing `dist/index.cjs` does not invoke it.
- Agent configuration mutation requires the explicit `birdybeep agent install` command.
- No shell execution, eval/vm, native loading, destructive file APIs, or hidden endpoints appear in shipped code.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
1 flagged · loading sourcedist/bin.cjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @birdybeep/cli@0.1.0
matchedIdentity = npm:QGJpcmR5YmVlcC9jbGk:0.1.0
similarity = 0.400
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/bin.cjsView on unpkgFindings
1 High2 Medium3 Low
HighPrevious Version Dangerous Deltadist/bin.cjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings