AI Security Review
scanned 2d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/manager-for-ai.mjs` defaults to a public billing API and `wss://app.galda.app/agent` when the CLI runs.
- `engine/relay-client.mjs` reads the local access key and forwards relay-supplied requests to the local manager with that key injected.
- `engine/server.mjs` runs `claude` or `codex` workers for submitted goals, which can act in a selected project.
- The relay reconnects persistently while the user-run CLI process remains active.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- Execution starts only through the explicit `galda` CLI entrypoint or direct server invocation.
- Source reads only package-owned `~/.manager-for-ai/secret.key` and `license.token`; no broad credential harvesting was found.
- No bidi/invisible Unicode control bytes were found in `engine/lib.mjs`; the scanner Trojan Source finding is unsupported.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
bin/manager-for-ai.mjsView on unpkg · L8Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/manager-for-ai.mjsView on unpkg · L8Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/manager-for-ai.mjsView on unpkg · L8Package source references dynamic require/import behavior.
bin/manager-for-ai.mjsView on unpkg · L61Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
engine/lib.mjsView on unpkg · L1535