AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- package.json runs postinstall scripts/postinstall.js
- scripts/devenv.js postinstall runs npm ci/install in bundled/services/backend and source self-heal writes package src files
- bundled/services/backend/src/services/aiManagementGatewayAdmin.js auto-imports kiro/cursor/trae/windsurf/warp/nirvana accounts by default
- bundled/services/backend/src/services/accountPool/candidateDetect.js scans local IDE/CLI credential stores and archives
- bundled/extensions/khy-trae-bridge/extension.js reads Trae auth session token and writes globalStorage/khy-trae-bridge/auth.json
- bundled/services/backend/src/services/gateway/adapters/traeOfficialArtifacts.js reads and rewrites bridge auth.json
- No evidence postinstall modifies foreign AI-agent configs or installs the VSIX automatically
- Token bridge is a bundled first-party extension requiring VS Code/Trae activation and auth session access
- Credential use appears aligned with AI gateway/account-pool functionality, not sent to an unrelated attacker endpoint
- Network endpoints are provider/package-aligned presets or npm install, not hardcoded exfiltration C2
- index.js only exports install and bundle paths
- source self-heal is version-gated, path-bounded, and capped
Source & flagged code
41 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L19AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L19AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L30GitHub personal access token in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L31RSA private key in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L32AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L54AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L61AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L63AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L69AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L75AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L128Hardcoded password in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L41Hardcoded password in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L70Package source references dynamic require/import behavior.
bin/khy.jsView on unpkg · L18Package source references shell execution.
bundled/scripts/bench/win_cost_compact.jsView on unpkg · L14Package source references a known benign dynamic code generation pattern.
bundled/software/khyquant/frontend/dist/assets/IntelligentStrategySelector-DPLaZEuV.jsView on unpkg · L1Package source executes code through a VM context API.
bundled/software/khyquant/services/backtestEngine.jsView on unpkg · L1Package source references weak cryptographic algorithms.
bundled/platform/packages/shared/src/services/gateway/example_plugins/cache-plugin.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
bundled/services/backend/tests/services/additionalDirectories.test.jsView on unpkg · L28A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bundled/services/backend/bin/khy.jsView on unpkg · L740Source matches reverse-shell style process and socket wiring.
bundled/services/ai-backend/src/services/securityGuardService.jsView on unpkg · L15Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
bundled/scripts/diagnostics/fuzzInputCorpus.jsView on unpkg · L65Package ships WebAssembly modules.
bundled/software/khyquant/frontend/dist/wasm/khy-math-demo.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
bundled/tools/khyos-markdown/unregister-linux.shView on unpkgPackage ships compressed or archive-like blobs.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage ships high-entropy non-source blobs.
bundled/docs/07_OPS_运维/[OPS-MAN-043] 从0到高手-新手成长路线与pip安装后清单.pdfView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
bundled/services/ai-backend/test/fixtures/coze/sample-linear.zipView on unpkgPackage contains source files above the static scanner size ceiling.
bundled/tools/khyos-markdown/vendor/khyos-muya.jsView on unpkgHardcoded password in bundled/software/khyquant/frontend/dist/assets/Debug--vriC6bB.js
bundled/software/khyquant/frontend/dist/assets/Debug--vriC6bB.jsView on unpkg · L1Hardcoded password in bundled/apps/ai-frontend/dist/assets/Login-BD-XGBty.js
bundled/apps/ai-frontend/dist/assets/Login-BD-XGBty.jsView on unpkg · L1RSA private key in bundled/services/backend/tests/tools/securityScan.test.js
bundled/services/backend/tests/tools/securityScan.test.jsView on unpkg · L36Hardcoded password in bundled/services/backend/tests/auth.sessionSecurityRoutes.test.js
bundled/services/backend/tests/auth.sessionSecurityRoutes.test.jsView on unpkg · L85RSA private key in bundled/services/backend/tests/proxyServer.https.test.js
bundled/services/backend/tests/proxyServer.https.test.jsView on unpkg · L10Hardcoded password in bundled/services/backend/src/constants/commandSchema.js
bundled/services/backend/src/constants/commandSchema.jsView on unpkg · L234Hardcoded password in bundled/services/backend/src/routes/admin.js
bundled/services/backend/src/routes/admin.jsView on unpkg · L141Hardcoded password in bundled/services/backend/src/services/cliAuthService.js
bundled/services/backend/src/services/cliAuthService.jsView on unpkg · L282Hardcoded password in bundled/services/ai-backend/test/workflow.routes.test.js
bundled/services/ai-backend/test/workflow.routes.test.jsView on unpkg · L39