AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `npx devground-setup` from a project root.
Impact
Can alter project scripts, pre-commit behavior, and agent instruction files after explicit invocation.
Mechanism
Explicit project configuration, Git-hook setup, and AI-agent config/symlink creation.
Rationale
Source inspection confirms a documented, user-invoked setup tool rather than malicious install-time behavior. Its explicit AI-agent configuration mutation and hook setup are real capabilities, so policy calls for a warning rather than a block.
Evidence
package.jsonsetup.jsREADME.mdeslint.config.mjstsconfig.jsontsconfig.typecheck.jsoncommitlint.config.js.husky/pre-commitAGENTS.mdCLAUDE.md.cursorrules.github/copilot-instructions.md.gemini/styleguide.md
Decision evidence
public snapshotAI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `setup.js` is an explicitly invoked CLI via `bin`, not a lifecycle hook.
- `setup.js` rewrites the target project's `package.json`, including `scripts.prepare`.
- `setup.js` runs `npx husky init` and writes `.husky/pre-commit`.
- `setup.js` copies `AGENTS.md` and creates agent-facing symlinks for Claude, Cursor, Copilot, and Gemini.
Evidence against
- `package.json` defines no preinstall, install, postinstall, or prepare lifecycle hook.
- No source network client, credential/environment harvesting, or exfiltration code is present.
- No eval, dynamic module loading, binary loading, destructive deletion, or remote-payload execution was found.
- README.md documents the filesystem and hook changes before the user runs `npx devground-setup`.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourcesetup.jsView file
2L3: const { execSync } = require('node:child_process');
L4: const fs = require('node:fs');
High
117try {
L118: execSync('npx husky init', { cwd: targetDir, stdio: 'pipe' });
L119: log('Husky inicializado');
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
setup.jsView on unpkg · L117Findings
3 High1 Low
HighChild Processsetup.js
HighShell
HighRuntime Package Installsetup.js
LowFilesystem