AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
A user copies the README guardrails into their project's `AGENTS.md` or `.cursorrules`, or an agent follows the bundled `agent-docs/AGENTS.md`.
Impact
Future agent workflows may be biased toward Kuat documentation and component choices; no exfiltration, remote execution, or automatic mutation was found.
Mechanism
Explicit user-directed AI-agent configuration and rule-loading guidance.
Rationale
Source inspection found no malware behavior, but confirmed explicit documentation-driven mutation of project agent configuration. Downgrade to warn rather than block because activation requires a user or agent to follow the documented setup and no harmful payload is present.
Evidence
package.jsonREADME.mdagent-docs/AGENTS.mdagent-docs/rules/LOADING-consumer.mddist/index.jsdist/badge-BFeIqSCP.jsagent-docs/bundle-manifest.json
Decision evidence
public snapshotAI called this Suspicious at 89.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `README.md` instructs users to add Kuat-first rules to their project `AGENTS.md` or `.cursorrules`.
- `agent-docs/AGENTS.md` directs AI agents to load package rules and run an externally provided `ensure-rules.sh`.
- The supplied agent rules influence future agent component-selection behavior.
Evidence against
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` hook.
- Published `dist/*.js` contains no child-process, filesystem, network, eval, dynamic-loader, or credential-harvesting primitive.
- The only `process.env` use in `dist/badge-BFeIqSCP.js` gates a development deprecation warning.
- No executable binary, network endpoint, persistence mechanism, or automatic project-file mutation was found.
Behavioral surface
ChildProcessEnvironmentVars
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourceagent-docs/AGENTS.mdView file
•Published source reference
Medium
Ai Review Evidence
`agent-docs/AGENTS.md` directs AI agents to load package rules and run an externally provided `ensure-rules.sh`.
agent-docs/AGENTS.mdView on unpkgFindings
4 Medium3 Low
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidenceagent-docs/AGENTS.md
MediumAi Review Evidence
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings