AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/interfaces/mcp/skill.js` writes to `~/.codex/AGENTS.md` and `~/.claude/skills/captatum/SKILL.md`.
- `dist/cli.js` exposes this mutation through explicit `captatum skill install` only.
- `package.json` has no preinstall, install, or postinstall hook.
- `bin/captatum.mjs` only dispatches the user-invoked CLI or stdio MCP bridge.
- No credential harvesting, hidden shell execution, or exfiltration path was found.
- `dist/infrastructure/http/dns.js` rejects loopback, private, and reserved resolved addresses.
- `dist/interfaces/mcp/format.js` contains no bidi/invisible controls; the scanner Trojan-Source hint is false.
- `dist/infrastructure/llm/safety.js` identifies sensitive URLs/content to prevent LLM egress.
Source & flagged code
2 flagged · loading sourceSource reaches cloud instance metadata or link-local credential endpoints.
dist/infrastructure/llm/safety.jsView on unpkg · L14Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/interfaces/mcp/format.jsView on unpkg · L128