AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs the `agentsight` CLI.
Impact
Adds a package-controlled MCP capability to Cursor or Windsurf and edits application source.
Mechanism
Explicit project injection, MCP registration, and self-install command execution.
Rationale
The package is not malicious by the blocking threshold because no lifecycle-triggered or covert exfiltration/destructive behavior is present. Its explicit CLI nevertheless creates an IDE MCP entry that delegates execution to another package, so it warrants a warning.
Evidence
package.jsonbin/init.jsproject/app/layout.tsxproject/app/layout.jsxproject/src/app/layout.tsxproject/src/app/layout.jsxproject/src/App.tsxproject/src/App.jsxproject/src/main.tsxproject/src/main.jsxproject/.cursor/mcp.jsonproject/.windsurf/mcp.jsonproject/package.json
Decision evidence
public snapshotAI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `bin/init.js` runs immediately when the explicit `agentsight` CLI is invoked.
- The CLI creates or modifies `project/.cursor/mcp.json` and `project/.windsurf/mcp.json`.
- It registers `agentsight` to run `npx -y @itsraeyy/agentsight-mcp`, enabling a separate package.
- It injects an AgentSight provider into detected Next.js/Vite source files and can run a package-manager install command.
Evidence against
- `package.json` defines no preinstall, install, postinstall, or other lifecycle hook.
- No network URL, credential harvesting, exfiltration, destructive deletion, eval, or remote code-loading primitive appears in the inspected files.
- All project mutation occurs only after an explicit user invocation of the `agentsight` bin.
- The MCP entry is package-aligned and idempotently avoids replacing an existing `agentsight` configuration.
Behavioral surface
ChildProcessEnvironmentVarsFilesystem
HighEntropyStrings
NoLicense
Source & flagged code
2 flagged · loading sourcebin/init.jsView file
•Published source reference
Medium
Ai Review Evidence
`bin/init.js` runs immediately when the explicit `agentsight` CLI is invoked.
bin/init.jsView on unpkgproject/.cursor/mcp.jsonView file
•Published source reference
Medium
Ai Review Evidence
The CLI creates or modifies `project/.cursor/mcp.json` and `project/.windsurf/mcp.json`.
project/.cursor/mcp.jsonView on unpkgFindings
5 Medium4 Low
MediumEnvironment Vars
MediumAi Review Evidencebin/init.js
MediumAi Review Evidenceproject/.cursor/mcp.json
MediumAi Review Evidence
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License