AI Security Review
scanned 10h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- src/prompts/governance-setup.ts generates Claude Code hook config for .claude/settings.json, but as a confirm-first prompt.
- src/governance/grounding.ts can deny non-Read Claude tool use until CLAUDE.md files are read when hooks are installed.
- src/gates/telemetry.ts writes local finding telemetry under ~/.everystack/governance/*.jsonl.
- src/tools/check-environment.ts uses execSync for local version checks including npx expo and npx sst.
- package.json has no preinstall/postinstall/prepare lifecycle hooks.
- No source writes .claude/settings.json, .mcp.json, CLAUDE.md, or other foreign agent config automatically.
- README.md documents MCP setup and says governance hooks are opt-in/local-only.
- src/index.ts starts an MCP stdio server or explicit hook subcommands only; no import-time payload beyond main entry execution.
- No credential exfiltration or package-owned remote endpoint calls found.
- dist/aws-setup.md contains AWS setup documentation/placeholders, not embedded live secrets.
Source & flagged code
7 flagged
- Package contains a critical-looking secret pattern.
  dist/aws-setup.md · L216
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
  dist/tools/check-environment.js
- Package source references child process execution.
  dist/tools/check-environment.js · L1
- Package source references a known benign dynamic code generation pattern.
  dist/resources/index.js · L9
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
  dist/index.cjs · L1229
- AWS access key ID in src/resources/aws-setup.md
  src/resources/aws-setup.md · L216