AI Security Review
scanned 4d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No malicious install-time attack was confirmed. The real risk is explicit user-command setup of first-party persistent Tandem engine/control-panel services and agent workflow configuration.
Decision evidence
public snapshot- bin/cli.js user-invoked init/service can install persistent systemd/launchd services.
- lib/setup/services/systemd.js writes /etc/systemd/system/tandem-engine.service and tandem-control-panel.service.
- lib/setup/services/launchd.js writes /Library/LaunchDaemons ai.frumu.tandem engine/panel plists.
- lib/setup/control-panel-config.js defaults include GitHub Copilot MCP URL for agent workflow integration.
- package.json has no install/preinstall/postinstall hook; only prepublishOnly build.
- bin/cli.js setup and service installation require explicit CLI commands, not import/install time.
- lib/setup/env.js generates local Tandem env/config/state files; no credential harvesting or exfiltration found.
- bin/service-runner.js launches first-party @frumu/tandem engine and local panel only.
- dist/assets/vendor-DaS45vkz.js invisible Unicode matches bundled YAML BOM/control tokens, not reviewer/prompt manipulation.
Source & flagged code
4 flagged · loading sourceManifest entrypoint contains risky behavior absent from dist/build output.
bin/cli.jsView on unpkg · L3Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/assets/vendor-DaS45vkz.jsView on unpkg · L153Package ships non-JavaScript build or shell helper files.
bin/service-local.shView on unpkg