AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/commands/skill.js` exposes explicit `skill install` that copies a packaged prompt skill into Claude and Cursor user skill directories.
- `dist/commands/admin.js` provides authenticated admin-agent and token lifecycle commands, including create/delete agents and issue/revoke tokens.
- `dist/http.js` sends the configured bearer token to its API endpoint for invoked CLI commands.
- `package.json` has no preinstall, install, or postinstall lifecycle hooks.
- `dist/index.js` only registers Commander commands; it has no install-time mutation or automatic network request.
- `dist/http.js` uses a single configured/default API host and does not harvest files or enumerate environment variables beyond its required token.
- No child-process execution, eval/vm use, dynamic code loading, persistence, or covert exfiltration was found in `dist`.
- The agent-skill write occurs only after the user explicitly runs `noreaster skill install`.
Source & flagged code
3 flagged · loading source`dist/commands/skill.js` exposes explicit `skill install` that copies a packaged prompt skill into Claude and Cursor user skill directories.
dist/commands/skill.jsView on unpkg`dist/commands/admin.js` provides authenticated admin-agent and token lifecycle commands, including create/delete agents and issue/revoke tokens.
dist/commands/admin.jsView on unpkg`dist/http.js` sends the configured bearer token to its API endpoint for invoked CLI commands.
dist/http.jsView on unpkg