AI Security Review
scanned 6d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/skills.ts fetches a remote skills index from raw.githubusercontent.com and load_skill returns remote playbook text to the agent.
- src/skills.ts allows COLDIQ_SKILLS_INDEX_URL to override the skills catalog URL.
- src/client.ts sends tool requests with COLDIQ_API_KEY Authorization to configured API base URL.
- package.json has no install/postinstall/preinstall hook; prepublishOnly is publish-time build only.
- src/index.ts only starts a stdio MCP server and registers ColdIQ tools when the bin is run.
- No source writes agent config files, home/project files, shell startup files, VCS hooks, or MCP/Claude/Codex settings.
- No child_process, eval/Function, dynamic native/binary loading, or destructive filesystem behavior found.
- Network behavior is package-aligned: ColdIQ API calls and user-invoked skill catalog fetches.
Source & flagged code
1 flagged · loading sourceSource mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.
tests/skills.test.ts#virtual:normalized:round1View on unpkg · L44