AI Security Review
scanned 10h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The install hook enters an interactive installer; its persistence and agent-enforcement features are package-aligned and gated by selected setup options.
Decision evidence
public snapshot- package.json invokes node/bin/install.js on install
- node/bin/install.js can spawn detached daemon and monitor processes
- deploy/ contains root systemd persistence tooling
- Installer asks for setup choices before scaffolding or launching components
- Root persistence requires explicit --all/--root path, not default lifecycle args
- Companion generation only prints hook configuration; it does not write foreign harness config
- Daemon exposes a local Unix/TCP socket and audit files, with no outbound HTTP client or endpoint
- python/tests/python_parity_test.py is ordinary ASCII test code, not a hidden payload
Source & flagged code
16 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
python/agent_character_kit/enforcer.pyView on unpkg · L248RSA private key in python/agent_character_kit/enforcer.py
python/agent_character_kit/enforcer.pyView on unpkg · L248Package source references child process execution.
node/bin/install.jsView on unpkg · L26Source writes installer persistence such as shell profile or service configuration.
node/bin/aik.jsView on unpkg · L14A single source file combines environment access, network access, and code or shell execution with blocking evidence.
node/enforcer/agent_enforcer_daemon.jsView on unpkg · L23RSA private key in node/enforcer/agent_enforcer_daemon.js
node/enforcer/agent_enforcer_daemon.jsView on unpkg · L110RSA private key in node/enforcer/agent_enforcer_daemon.js
node/enforcer/agent_enforcer_daemon.jsView on unpkg · L118RSA private key in node/enforcer/agent_enforcer_daemon.js
node/enforcer/agent_enforcer_daemon.jsView on unpkg · L295Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
python/tests/python_parity_test.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
python/tests/python_parity_test.pyView on unpkgRSA private key in python/example_workspace/.agent/habits/no-credential-leak.yaml
python/example_workspace/.agent/habits/no-credential-leak.yamlView on unpkg · L18RSA private key in python/example_workspace/.agent/habits/no-credential-leak.yaml
python/example_workspace/.agent/habits/no-credential-leak.yamlView on unpkg · L34RSA private key in node/examples/.agent/habits/no-credential-leak.yaml
node/examples/.agent/habits/no-credential-leak.yamlView on unpkg · L18RSA private key in node/examples/.agent/habits/no-credential-leak.yaml
node/examples/.agent/habits/no-credential-leak.yamlView on unpkg · L34