AI Security Review
scanned 1d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/commands/init.js` explicitly rewrites `~/.claude/settings.json` to route Anthropic requests through a local proxy.
- `dist/commands/init.js` installs a macOS LaunchAgent that starts `franklin proxy` at login.
- `dist/index.js` exposes this mutation only through the explicit `franklin init` command.
- `dist/tools/zerox-base.js` loads the Franklin wallet private key and signs/submits Base swap transactions.
- `dist/plugins/registry.js` dynamically imports plugins from `~/.blockrun/plugins` during CLI startup.
- `package.json` contains no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- No source-inspected install-time or import-time network, credential-exfiltration, or foreign-config write was found.
- `Base0xSwap` requests interactive confirmation unless `auto_approve` is explicitly supplied.
- Gateway endpoints are package-aligned: `https://blockrun.ai/api` and `https://sol.blockrun.ai/api`.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/plugins/registry.jsView on unpkg · L96Source uses private key material to transfer cryptocurrency funds.
dist/agent/context.jsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/agent/context.jsView on unpkg · L6