AI Security Review
scanned 2d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/commands/init.js` explicitly writes `~/.claude/settings.json`.
- `init` installs a macOS `LaunchAgent` that starts its proxy on login.
- `dist/tools/surf.js` signs x402 payment payloads with the configured wallet key.
- `dist/plugins/registry.js` dynamically imports user plugins from `~/.blockrun/plugins`.
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- The Claude and LaunchAgent changes require explicit `franklin init` execution.
- Wallet signing is part of documented paid-request handling, not credential exfiltration.
- No source evidence found of private-key transmission, hidden payload download, or destructive install-time behavior.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/plugins/registry.jsView on unpkg · L96Source uses private key material to transfer cryptocurrency funds.
dist/agent/context.jsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/agent/context.jsView on unpkg · L6