AI Security Review
scanned 7h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/activate.js` adds Claude Code hook commands to workspace `.claude/settings.json`.
- It writes executable `.atrium/hooks/atrium-record-dispatch.sh` and `.atrium/hooks/atrium-register-thread.sh`.
- Hook setup is restricted to trusted workspaces and requires a modal `Set up` confirmation.
- The package can install launchd schedules only through trust-gated daemon intents.
- Command probes execute configured shell commands only when enabled in a trusted workspace.
- `package.json` has no npm lifecycle scripts.
- No credential harvesting or external exfiltration endpoint was found.
- Network server binds to loopback and requires a random Bearer token.
- Dynamic Copilot SDK import and CLI lookup are package-aligned runtime integrations.
- No install-time execution, hidden payload loading, or destructive broad file mutation was found.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/activate.cjsView on unpkg · L7Source writes installer persistence such as shell profile or service configuration.
dist/activate.cjsView on unpkg · L1226Package source references a known benign dynamic code generation pattern.
dist/activate.cjsView on unpkg · L2942