AI Security Review
scanned 18h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- bundle/cli.js user-invoked setup/connect patches AI harness hook configs for Claude Code, Codex, and Cursor.
- bundle/cli.js copies bundled hook handlers into ~/.claude/plugins, ~/.codex/plugins, or ~/.cursor/honeycomb paths.
- hook bundles capture prompts/tool/session events and POST them to local daemon endpoints under http://127.0.0.1:3850/api/hooks.
- bundle/cli.js can register a Claude marketplace plugin by spawning claude plugin commands when setup runs.
- bundle/cli.js includes lifecycle telemetry to https://us.i.posthog.com and DeepLake auth/storage endpoints.
- package.json postinstall only runs two sanity-check scripts, not hook/config mutation.
- scripts/ensure-tree-sitter.mjs only resolves tree-sitter WASM files and exits non-fatally.
- scripts/ensure-embed-deps.mjs only checks optional @huggingface/transformers resolution and downloads nothing.
- AI harness mutation is explicit user command behavior via honeycomb setup/connect, not npm install-time execution.
- Hook/config patching preserves foreign entries and uninstall removes only Honeycomb-marked entries.
- Network endpoints are package-aligned loopback, DeepLake, HuggingFace model warmup, and documented telemetry.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
harnesses/claude-code/bundle/pre-tool-use.jsView on unpkg · L16133This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bundle/cli.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bundle/cli.jsView on unpkg · L132Source writes installer persistence such as shell profile or service configuration.
bundle/cli.jsView on unpkg · L132Package source references dynamic require/import behavior.
embeddings/embed-daemon.jsView on unpkg · L34Package source references a known benign dynamic code generation pattern.
embeddings/embed-daemon.jsView on unpkg · L34A single source file combines environment access, network access, and code or shell execution; review context before blocking.
daemon/restart-helper.jsView on unpkg · L1Package ships high-entropy non-source blobs.
assets/logos/fonts/JetBrainsMono-Regular.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
daemon/index.jsView on unpkg