AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs hz init, hz sync, or hz update.
Impact
Project .hubzero guidance can be created, replaced, or updated; hz update may install the latest package version as a dev dependency.
Mechanism
Explicit CLI synchronization of bundled .hubzero guidance and runtime package update.
Rationale
The risky primitives are package-aligned and user-invoked rather than install-time or stealthy, with no evidence of exfiltration, remote payload execution, or broad foreign agent hijacking. Because it explicitly writes AI guidance into project .hubzero, treat as a warning-level agent capability risk rather than malware.
Evidence
package.jsonbin/hz.jssrc/commands/update.jssrc/commands/init.jssrc/commands/sync.jssrc/utils/copyDirectory.js.hubzero/agents/AGENTS.md.hubzeropackage.json devDependency via npm install -D @hubzero/blueprint@latest
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- src/commands/update.js uses execSync to run npm install -D @hubzero/blueprint@latest on explicit hz update.
- src/utils/copyDirectory.js removes and recopies the destination .hubzero directory.
- src/commands/init.js and src/commands/sync.js create or synchronize project .hubzero content.
- .hubzero/agents/AGENTS.md contains AI collaborator guidance copied into projects.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks.
- bin/hz.js only dispatches user-invoked CLI commands.
- No source evidence of credential/env harvesting, exfiltration, eval/vm, native binary loading, persistence, or destructive actions outside .hubzero sync.
- README.md and command names align with a HubZero blueprint synchronization CLI.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourcesrc/commands/update.jsView file
1import { execSync } from "node:child_process";
L2: import { createInterface } from "node:readline/promises";
High
Child Process
Package source references child process execution.
src/commands/update.jsView on unpkg · L112L13: execSync("npm install -D @hubzero/blueprint@latest", {
L14: stdio: "inherit",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/commands/update.jsView on unpkg · L12Findings
3 High2 Low
HighChild Processsrc/commands/update.js
HighShell
HighRuntime Package Installsrc/commands/update.js
LowScripts Present
LowFilesystem