AI Security Review
scanned 1h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/cli.mjs init writes AI-agent configs/hooks for .claude, .codex, .cursor, .opencode and MCP registrations.
- dist/cli.mjs install-hooks writes .git/hooks/post-commit and optionally prepare-commit-msg.
- dist/cli.mjs generated OpenCode plugin spawns configured hook commands on tool events.
- dist/cli.mjs can run user-configured machineChecks via execSync and uses gh/git commands for project workflows.
- package.json has only prepublishOnly; no preinstall/install/postinstall runtime mutation.
- AI-agent config writes occur from explicit CLI commands such as init/gen-agents/install-hooks, not package install or import.
- Network use is package-aligned: model selection fetches https://models.dev/api.json and serve binds local Fastify UI.
- No credential harvesting, hidden exfiltration endpoint, remote payload loader, destructive behavior, or persistence outside declared workflow found.
- Trojan-source hint was in bundled web dependency code; inspection did not show an attack chain tied to package logic.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.mjsView on unpkgSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
web/dist/assets/chunk-KEIR6QF5-BfrZ3jm6.jsView on unpkg · L46