AI Security Review
scanned 2d ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot

- dist/agents/ContainerAgentExecutor.js builds container agent jobs with GitHub installation tokens and optional raw Claude/ChatGPT subscription credentials.
- dist/modules/llmProxy/LlmProxyController.js forwards authenticated chat completion requests to configured LLM upstreams at runtime.
- dist/modules/webSearch/upstreams.js provides server-side Brave/SearXNG web search proxying.
- package.json has no npm lifecycle hooks or bin entries; import surface is dist/index.js exports only.
- dist/crypto/encoding.d.ts secret hit is documentation for PEM formats, not an embedded private key.
- dist/modules/tasks/TaskSourceController.js is Hono route wiring for task integrations; no dynamic require or import-time execution found.
- No writes to home/project AI-agent control surfaces, shell startup files, VCS hooks, or persistence mechanisms found.
- Network calls are runtime service/OAuth/search/GitHub operations aligned with the package's server purpose.
Source & flagged code
7 flagged

- dist/crypto/encoding.d.ts, line 7: Package contains a critical-looking secret pattern.
- dist/crypto/encoding.d.ts, line 7: RSA private key in dist/crypto/encoding.d.ts
- dist/crypto/encoding.d.ts, line 8: RSA private key in dist/crypto/encoding.d.ts
- dist/modules/tasks/TaskSourceController.js, line 188: Package source references dynamic require/import behavior.
- dist/github/GitHubAppAuth.d.ts, line 4: RSA private key in dist/github/GitHubAppAuth.d.ts