AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs dxb init without --no-claude-skill.
Impact
Adds Doxbrix authoring instructions under .claude; no credential harvesting, exfiltration, remote payload execution, or broad control-surface mutation was found.
Mechanism
Project-local AI-agent skill scaffolding
Rationale
Source inspection found no concrete malicious behavior. Per policy, explicit user-command AI-agent configuration mutation remains a warning-level capability risk.
Evidence
package.jsondist/commands/init.jsdist/lib/claude-skill.generated.jsdist/lib/context.jsdist/lib/docs/frontmatter.js.claude/skills/doxbrix-authoring/SKILL.md.claude/skills/doxbrix-authoring/blocks-cheatsheet.md.doxbrix/config.json
Network endpoints1
app.doxbrix.com
Decision evidence
public snapshotAI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- dist/commands/init.js: explicit dxb init writes .claude/skills/doxbrix-authoring/SKILL.md by default.
- dist/commands/init.js: the generated Claude skill is written into the user-selected project root.
- dist/lib/claude-skill.generated.js: installed content directs an AI agent's documentation workflow.
Evidence against
- package.json: no preinstall, install, postinstall, or prepare lifecycle hook exists.
- dist/commands/init.js: mutation requires explicit dxb init and supports --no-claude-skill.
- dist/lib/claude-skill.generated.js: instructs agents not to publish or push without an explicit user request.
- dist/lib/docs/frontmatter.js: the flagged invisible character is a BOM accepted and removed by the frontmatter parser.
- dist/lib/context.js: network use is through the package-aligned @doxbrix/sdk client with configured Doxbrix API URL.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/lib/docs/frontmatter.jsView file
8contains invisible/control Unicode U+FEFF (zero width no-break space)
const FRONTMATTER_RE = /^<U+FEFF>?---\r?\n([\s\S]*?)\r?\n---\r?\n?/;
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/lib/docs/frontmatter.jsView on unpkg · L8•Trigger-reachable chain: manifest.bin -> dist/cli.js -> dist/commands/index.js -> dist/commands/import.js -> dist/lib/docs/frontmatter.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/lib/docs/frontmatter.jsView on unpkgFindings
2 Critical3 Medium4 Low
CriticalTrojan Source Unicodedist/lib/docs/frontmatter.js
CriticalTrigger Reachable Dangerous Capabilitydist/lib/docs/frontmatter.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings