AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- lib/codex/install.js writes managed blocks into ~/.codex/config.toml and <project>/AGENTS.md and copies hooks to ~/.codex/hooks/dashclaw/.
- lib/claude/install.js writes ~/.claude/settings.json hook entries and ~/.dashclaw/claude-hooks/.env after user runs install claude.
- lib/claude/install.js can download hook bundle from configured endpoint /downloads/dashclaw-claude-code-hooks.zip.
- lib/code/ingest.js and lib/code/ingest-codex.js can read local Claude/Codex transcripts and send/write them on explicit code ingest commands.
- package.json has no preinstall/install/postinstall lifecycle scripts; only bin dashclaw is exposed.
- bin/dashclaw.js dispatches risky behavior behind explicit subcommands such as install, up, code ingest, env, and apply.
- Network calls are package-aligned: configured DashClaw baseUrl, hosted.dashclaw.io trial, npm registry, GitHub codeload/API.
- lib/env.js refuses --print and only injects fetched secrets into a user-specified child process environment.
- lib/code/apply.js guards destination paths with _ensureInsideProject and scans/redacts secret patterns before writes.
- No eval/vm/Function, obfuscated payload, credential harvesting loop, stealth persistence, or install-time mutation found.
Source & flagged code
5 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/dashclaw.jsView on unpkgPackage source references dynamic require/import behavior.
bin/dashclaw.jsView on unpkg · L576Package source invokes a package manager install command at runtime.
lib/up/run.jsView on unpkg · L2