AI Security Review
scanned 3d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `lib/install.mjs` writes a shell RC source line when explicitly run with `synapse install --write`.
- `lib/install.mjs` adds the resolved repo to `~/.claude/settings.json` additionalDirectories and appends `~/.claude/CLAUDE.md`.
- `agents.sh` installs prompt-time self-reload hooks and exposes commands that launch external coding CLIs.
- `lib/setup.mjs` can execute Ollama installation commands, including a curl-to-shell pipeline on Linux, only after prompt/`--write`.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `bin/synapse.mjs` only dispatches explicit CLI subcommands via a fixed command map.
- `lib/install.mjs` defaults to dry-run; mutations require the user to pass `--write`.
- `lib/setup.mjs` is advisory off-TTY unless `--write`/`--yes` is supplied; default network target is local Ollama.
- Inspected code shows no credential harvesting, stealth exfiltration, remote payload loading at import, or destructive behavior.
Source & flagged code
6 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/synapse.mjsView on unpkg · L74A single source file combines environment access, network access, and code or shell execution with blocking evidence.
lib/setup.mjsView on unpkg · L48Source downloads or fetches remote code and executes it.
lib/setup.mjsView on unpkg · L17Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/setup.mjsView on unpkg · L17