AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `minicor-bootstrap` or invokes exposed MCP VM/code-mode tools.
Impact
Can grant Minicor MCP permissions in a workspace and execute installation/startup scripts on authorized managed VMs.
Mechanism
explicit agent-config mutation and authenticated remote script execution
Rationale
No concrete malicious chain or unconsented install-time mutation was found. The explicit agent configuration and VM execution capabilities warrant a warning rather than a block.
Evidence
package.jsondist/bootstrap.jsdist/tools/vm.jsdist/codemode.jsdist/setup.jsdist/paths.jsCLAUDE.md.claude/settings.local.json.cursor/rules/workspace.mdc.minicor/system-prompt.md
Network endpoints4
api.laminar.runca.api.laminar.runlam-vm-service-ernfuwetfa-uc.a.run.appwww.minicor.com/installs/desktop-service/ps1
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/bootstrap.js` explicitly writes `CLAUDE.md`, `.claude/settings.local.json`, and Cursor rules.
- Bootstrap adds a broad allowlist of `mcp__minicor__*` tools, including VM script execution.
- `dist/tools/vm.js` downloads a PowerShell installer and submits scripts to authenticated VM `run-script` endpoints.
- `dist/codemode.js` evaluates user-supplied code in a Node VM worker.
Evidence against
- `package.json` has only `prepare`; no `preinstall`, `install`, or `postinstall` hook.
- Bootstrap requires an explicit `minicor-bootstrap <target>` invocation and a local `minicor.json` workspace.
- Observed network calls are authenticated Minicor/Laminar API and VM-service operations; no unrelated exfiltration endpoint found.
- No automatic foreign AI-agent configuration mutation occurs during installation or import.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/setup.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @minicor/mcp-server@3.9.0
matchedIdentity = npm:QG1pbmljb3IvbWNwLXNlcnZlcg:3.9.0
similarity = 0.830
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/setup.jsView on unpkgFindings
1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/setup.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings