AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` exposes `caplets setup` for Codex, Claude Code, OpenCode, Pi, and MCP clients.
- Explicit setup calls `upsertServer` to modify a selected MCP client configuration.
- `dist/index.js` can execute configured Caplet setup commands with inherited environment variables.
- `package.json` contains no preinstall, install, postinstall, or other lifecycle hook.
- Entrypoint inspection shows no top-level call that starts a daemon, server, setup, or child process on import.
- Agent configuration mutation is behind the explicit `caplets setup` CLI command.
- Setup command execution uses `shell: false`, timeouts, output limits, and secret redaction.
- Network URLs are Caplets catalog/cloud and npm update-check endpoints, consistent with package functionality.
Source & flagged code
9 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L18Source launches a detached bundled service that exposes a broad-bound HTTP listener.
dist/index.jsView on unpkg · L18Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L2634Package source references a known benign dynamic code generation pattern.
dist/completion-R9xY83Pe.jsView on unpkg · L4103Package contains source files above the static scanner size ceiling.
dist/user-settings-CgxB92KJ.jsView on unpkg