AI Security Review
scanned 1d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` exposes explicit `init` for Claude proxy auto-start.
- `dist/commands/init.js` rewrites `~/.claude/settings.json` and installs a macOS LaunchAgent.
- `dist/plugins/registry.js` dynamically imports user-controlled plugins from `~/.blockrun/plugins`.
- `dist/tools/zerox-base.js` and payment tools can sign and submit wallet transactions.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `dist/index.js` invokes configuration mutation only through the user-run `franklin init` command.
- `dist/commands/uninit.js` removes only Franklin-owned Claude settings and LaunchAgents.
- Plugin loading targets explicit developer/user plugin directories; no bundled plugins exist.
- RPC code describes and enforces rejection of state-changing RPC methods.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/plugins/registry.jsView on unpkg · L96Source uses private key material to transfer cryptocurrency funds.
dist/agent/context.jsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/agent/context.jsView on unpkg · L6