AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `lesto generate agents` or `lesto eval`.
Impact
`generate agents` can update `AGENTS.md` and `llms.txt` in the current project; `eval` may send evaluation inputs to Anthropic using the user-provided API key.
Mechanism
Explicit project scaffolding and optional Anthropic-backed evaluation.
Rationale
Source inspection found no lifecycle hook, install-time execution, stealth persistence, credential theft, or unconsented remote payload chain. The explicit agent-file generator is a real but user-invoked AI-agent capability, so warn rather than block.
Evidence
package.jsonbin/lesto.mjsdist/bin.jsdist/src-EEY4QS2T.jsAGENTS.mdllms.txtlesto.evals.tslesto.app.tsapp/routesapp/islands
Network endpoints1
api.anthropic.com/v1/messages
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `lesto generate agents` writes project-root `AGENTS.md` and `llms.txt`.
- Writes occur only after explicit `generate agents` command dispatch.
- `eval` can use `ANTHROPIC_API_KEY` to call Anthropic's messages API.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- Launcher only selects and imports the packaged CLI or local development entry.
- Agent generation supports `--check` and `--dry-run`; no stealth trigger found.
- No credential harvesting, broad agent-config discovery, or unsolicited exfiltration found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/bin.jsView file
114deps.out(`eval: ${failures} of ${evals.length} failed`);
L115: throw new CliError("CLI_EVAL_FAILED", `${failures} eval(s) failed.`, {
L116: failed: failures,
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/bin.jsView on unpkg · L114bin/lesto.mjsView file
27jsx: { runtime: "automatic", importSource: "react" },
L28: }).import(entry);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/lesto.mjsView on unpkg · L27Findings
3 Medium5 Low
MediumDynamic Requirebin/lesto.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/bin.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings