AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `lib/install.mjs` explicitly writes shell RC and Claude configuration only with `synapse install --write`.
- `lib/install.mjs` adds the resolved repo to `~/.claude/settings.json` additional directories and appends `~/.claude/CLAUDE.md`.
- `agents.sh` defines `vault-gate off`, which writes `$HOME/.claude/vault-gate-off` when explicitly invoked.
- `lib/setup.mjs` can pipe `https://ollama.com/install.sh` to `sh`, but only after an interactive confirmation or explicit `--write`/`--yes`.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `bin/synapse.mjs` dynamically imports only a fixed allowlisted command-to-file map.
- Embedding traffic targets local Ollama by default (`http://localhost:11434`) and sends vault text only to the configured Ollama base.
- No credential harvesting, remote payload import, stealth persistence, destructive deletion, or network exfiltration was found.
- `synapse install` is dry-run unless the user supplies `--write`; setup is advisory off a TTY by default.
Source & flagged code
6 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/synapse.mjsView on unpkg · L74A single source file combines environment access, network access, and code or shell execution with blocking evidence.
lib/setup.mjsView on unpkg · L48Source downloads or fetches remote code and executes it.
lib/setup.mjsView on unpkg · L17Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/setup.mjsView on unpkg · L17