AI Security Review
scanned 2h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- dist/index.cjs exports add/remove/update/use flows that install or remove SKILL.md content for many agent directories including codex and claude-code.
- dist/index.cjs uses child_process.spawn only in user-invoked skills use to launch claude/codex with generated prompt content.
- dist/index.cjs and chunks call telemetry/audit/search/download endpoints and GitHub APIs during user commands.
- dist/index.cjs reads GITHUB_TOKEN/GH_TOKEN or runs gh auth token for GitHub rate-limit fallback.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- README.en.md describes a skills management CLI/library; suspicious primitives align with cloning, installing, finding, updating, and removing skills.
- dist/index.cjs path writes are bounded by path traversal checks before copying/symlinking/removing skill files.
- Well-known archive extraction rejects unsafe paths, links, encrypted zip entries, oversized archives, and missing root SKILL.md.
- No static evidence of credential harvesting, arbitrary remote payload execution at install/import time, persistence, or destructive behavior outside explicit skill management commands.
Source & flagged code
3 flagged
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.cjs · L1
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.cjs · L1