AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `agentmesh skill install`, `agentmesh update install`, or flow/MCP commands.
Impact
A user-requested skill install can influence supported coding-agent behavior in that project; configured commands inherit the user environment.
Mechanism
Explicit AI-agent skill setup and local subprocess orchestration.
Rationale
No concrete malicious behavior was found after source inspection, but the package deliberately mutates AI-agent skill surfaces on an explicit command and orchestrates local agent processes. Flag as warn under the agent-control capability policy rather than block.
Evidence
package.jsonpackages/skills/agentmesh-skill/SKILL.mddist-node/packages/skills/src/verify.jsdist-node/packages/runtime/src/adapters.jsdist-node/packages/runtime/src/cli-management.jsdist-node/packages/runtime/src/update/check.js.agents/skills/agentmesh/SKILL.md.claude/skills/agentmesh/SKILL.md
Network endpoints2
registry.npmjs.org/@jinhx128%2Fagentmesh/latestapi.github.com/repos/jinhx128/agentmesh/releases/latest
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `skill install` explicitly writes AgentMesh skill files into Codex/Claude-compatible project directories.
- `update install --target cli` can run npm globally when invoked.
- Configured agent and MCP commands are executed as local subprocesses with inherited environment.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- No eval/vm/Function or dynamic module-loading primitive was found in inspected source.
- Network use is limited to explicit update/version checks against npm and GitHub.
- Bundled skill tells agents not to store tokens, cookies, API keys, or session files.
- No credential harvesting, exfiltration, stealth persistence, or destructive behavior was found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedObfuscatedUrlStrings
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
6 Medium6 Low
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License