AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli.js` explicitly registers `elnora setup` commands that modify AI-tool configuration.
- `dist/cli.js` writes an Elnora MCP server plus API-key header to `~/.codex/mcp.json`, `~/.cursor/mcp.json`, and `~/.vscode/mcp.json` after user invocation.
- `dist/cli.js` runs `claude plugin marketplace add` and `claude plugin install` only through explicit `elnora setup claude`.
- `dist/cli.js` supports an explicit `update --install` path that downloads release archives and extracts them with system tools.
- `scripts/postinstall.mjs` only prints setup instructions and exits in CI or without a TTY; it performs no writes or network access.
- No lifecycle script modifies agent configuration, starts a service, or executes downloaded content.
- The HTTP MCP listener is started only by `elnora mcp serve`; it requires API-key validation.
- No `eval`, `Function`, dynamic code loading, credential harvesting, or unexplained exfiltration was found.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli.jsView on unpkg · L32Source launches a detached bundled service that exposes a broad-bound HTTP listener.
dist/cli.jsView on unpkg · L32This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg