AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- lib/index.js/lib/153.js expose project creation options that include AGENTS.md and CLAUDE.md by default unless user disables them.
- lib/718.js has a user-invoked updater that downloads install.sh/install.ps1 from cdn.bricks.tools and executes it via sh/powershell.
- bin/bricks imports lib/index.js and runs CLI commands; no npm install/postinstall hook is present.
- package.json has no preinstall/install/postinstall lifecycle scripts; only prepack build is declared.
- bin/bricks and bin/bricks.cmd only dispatch to bun/node for bin/bricks.js.
- Network endpoints are BRICKS service/CDN/API URLs or documented third-party provider URLs used by CLI features.
- Auth/token handling appears tied to BRICKS profiles/workspace commands, not broad credential harvesting.
- AI-agent files are generated by explicit project creation flow with --no-agents/--no-claude options, not install-time mutation.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/index.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/index.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
lib/886.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
bin/bricks.cmdView on unpkg