AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `cli/dai.mjs` explicitly copies bundled skills into `~/.claude/skills` and `~/.cursor/skills` under `dai install --global`.
- The same explicit install command can remove and replace an existing named skill when `--force` is supplied.
- `dai init` can invoke `npm install -g @fission-ai/openspec@latest` after its user-facing setup flow.
- Tracker/forge adapters send configured credentials only to user-selected Jira, ClickUp, GitHub, or GitLab endpoints.
- `package.json` has no `preinstall`, `install`, or `postinstall`; `prepublishOnly` only runs tests before publishing.
- Agent-directory writes occur only through the user-invoked `dai install` command, with interactive/flag scope selection and dry-run support.
- No `eval`, VM, dynamic module loading, obfuscated payload, credential harvesting, or arbitrary shell execution was found.
- `execFileSync` is constrained to Git, optional OpenSpec/npm setup, and documented CLI tooling; package import alone does not execute them.
- Network calls are feature-aligned tracker and forge API requests using configured tokens.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/dai.mjsView on unpkgPackage source invokes a package manager install command at runtime.
cli/dai.mjsView on unpkg · L636