AI Security Review
scanned 1h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/commands/init.mjs` explicitly copies manifest-listed files into a consumer repository.
- `src/lib/bundle.mjs` includes `.agents` skills and executable `.claude/hooks/*.py` assets.
- `scripts/kit-update-pr.mjs` can run git/gh commands, commit, force-with-lease push, and create/edit a PR when invoked.
- `src/lib/updateCandidate.mjs` runs the consumer's `npm test` during an explicit update.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- CLI behavior is gated behind explicit `init`, `update`, `uninstall`, or update-PR commands.
- `src/cli.mjs` instructs users to add hook registration manually; it does not write Claude settings.
- No credential harvesting, encoded payload loading, eval/vm use, or direct exfiltration was found.
- The shipped HITL shell helper is an interactive local template, not a hidden payload.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
scripts/test_census_update_contract.test.mjsView on unpkg · L2This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/build-kit.test.mjsView on unpkgPackage source invokes a package manager install command at runtime.
scripts/build-kit.test.mjsView on unpkg · L71Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.agents/skills/diagnose/scripts/hitl-loop.template.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.agents/skills/diagnose/scripts/hitl-loop.template.shView on unpkg