AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli/index.js` user-invoked setup writes MCP entries to Claude Desktop, Cursor, or project `.mcp.json`.
- `dist/cli/index.js` user-invoked instruction injection modifies `CLAUDE.md` or `AGENTS.md`.
- `dist/cli/index.js` sends hostname-derived registration name and email to `https://clude.io/api/cortex/register`.
- `dist/sdk/index.js` fetches a GCP metadata token when Vertex embeddings are configured.
- `package.json` has no preinstall/install/postinstall hook; `prepublishOnly` is publish-time only.
- CLI mutations are dispatched only for explicit commands such as `setup`, `mcp-install`, or `inject-instructions`.
- Solana code signs memo/registry transactions; no native-token transfer or wallet-drain path was found.
- Metadata token is used as a Bearer token for the configured Vertex AI prediction endpoint, not sent to Clude.
Source & flagged code
4 flagged · loading sourceSource collects local host identity data and sends it to an external endpoint.
dist/cli/index.jsView on unpkg · L221Source uses private key material to transfer cryptocurrency funds.
dist/sdk/index.jsView on unpkg · L40A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/sdk/index.jsView on unpkg · L40Source reaches cloud instance metadata or link-local credential endpoints.
dist/mcp/server.jsView on unpkg · L144