AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/manager-for-ai.mjs` defaults to a hosted WebSocket relay and starts it after the user runs the CLI.
- `engine/relay-client.mjs` accepts relay-supplied URLs and forwards them to the local server while injecting its access key.
- `engine/server.mjs` launches Claude/Codex workers from task requests, enabling code-capable agent actions in selected projects.
- `engine/server.mjs` posts licensed task text and results to the billing API history endpoint.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- Execution begins through the explicit `galda` bin command, not package import.
- The local server binds to `127.0.0.1` and checks an access key before protected routes.
- The reported Unicode control is only an optional BOM match in YAML front-matter parsing, not hidden control-flow text.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/manager-for-ai.mjsView on unpkgPackage source references child process execution.
bin/manager-for-ai.mjsView on unpkg · L8Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/manager-for-ai.mjsView on unpkg · L8Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/manager-for-ai.mjsView on unpkg · L8Package source references dynamic require/import behavior.
bin/manager-for-ai.mjsView on unpkg · L101Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
engine/lib.mjsView on unpkg · L1549