AI Security Review
scanned 2h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- dist/init/mcp-init.js writes product config then registers Claude Code on explicit init
- dist/init/mcp-setup.js supports non-interactive setup for Claude/Cursor/Gemini/Codex configs
- dist/init/engrym-md-adapter.js can write managed blocks into CLAUDE.md, AGENTS.md, GEMINI.md, and .cursor/rules/engrym.md when opted in
- dist/init/backfill.js can zip user-selected local notes and send them through imports.create
- package.json has no preinstall/install/postinstall lifecycle hooks
- bin/engrym-mcp.js only imports local dist bundle or compiled entry and dispatches argv
- agent/tool config mutation is under explicit init/setup paths, not install-time
- target MCP registrations use npx @engrym/mcp-server@latest with empty env and do not place API keys in agent configs
- dist/init/product-config.js writes the API key only to ~/.engrym/config.yaml with mode 0600 and logs path/project metadata only
- runtime network is package-aligned REST API via configured apiUrl, default https://api.engrym.com
Source & flagged code
2 flagged
Package source references dynamic require/import behavior.
bin/engrym-mcp.js (View on unpkg) · L62
Package contains source files above the static scanner size ceiling.
dist/engrym-mcp.bundle.mjs (View on unpkg)