AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/adapters/tools.js` provides agent-callable project file writes, `bash -c`, web fetch/search, and MCP calls.
- `dist/cli/daemon.js` starts a detached service and writes PID/log state after explicit `openswarm start`.
- `dist/verify/runner.js` runs configured project commands through a shell in a temporary sandbox.
- `dist/auth/oauthStore.js` persists OAuth profiles in `~/.openswarm/auth-profiles.json`.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `dist/adapters/tools.js` confines file tools to the selected project root or `/tmp`.
- `dist/cli/mcpCommand.js` mutates only first-party `~/.openswarm/mcp.json` via explicit `openswarm mcp` commands.
- No source evidence of credential exfiltration, hidden payload retrieval, or mutation of foreign AI-agent configuration.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/verify/runner.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/adapters/tools.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/registry/bsDetector.jsView on unpkg · L118Package source references dynamic require/import behavior.
dist/cli/doctorHandler.jsView on unpkg · L50Source writes installer persistence such as shell profile or service configuration.
dist/cli/daemon.jsView on unpkg · L5Package source invokes a package manager install command at runtime.
dist/support/updateNotifier.jsView on unpkg · L119