AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `contextweaver install-skills --dir <target>` and an agent later follows the installed Skill.
Impact
Can alter a selected agent Skill directory and cause later agent-driven indexing or code transmission to configured providers.
Mechanism
Explicit agent-Skill installation plus repository indexing and configured embedding/rerank requests.
Rationale
No concrete malicious or unconsented install-time behavior was found. Flag as warn because explicit installation of agent-executed Skills can influence subsequent agent actions and repository data flow.
Evidence
package.jsondist/index.jsdist/chunk-MRAB3EEO.jsdist/chunk-KCIJXGQ2.jsdist/chunk-6EEGV563.jsskills/using-contextweaver/SKILL.md~/.contextweaver/.env~/.contextweaver/indexes.jsoncwconfig.json<explicit --dir>/<bundled-skill>
Network endpoints2
api.siliconflow.cn/v1/embeddingsapi.siliconflow.cn/v1/rerank
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/index.js` exposes `install-skills`, which copies bundled agent Skill directories to an explicitly supplied target.
- With `--force`, `dist/chunk-MRAB3EEO.js` recursively removes same-named target Skill directories before copying.
- `skills/using-contextweaver/SKILL.md` instructs agents to proactively initialize/index repositories and use configured remote embedding/rerank APIs.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- CLI mutations occur only under explicit commands such as `init`, `index`, `init-project`, or `install-skills`.
- Network calls in `dist/chunk-6EEGV563.js` and `dist/SearchService-X3QLUJNE.js` use user-supplied API configuration for stated embedding/reranking.
- No shell payload execution, credential harvesting beyond configured API keys, or hidden exfiltration was found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/chunk-4D5C37FX.jsView file
307async function addFileHash(label, filePath, hashes) {
L308: const crypto2 = await import("crypto");
L309: try {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/chunk-4D5C37FX.jsView on unpkg · L307dist/chunk-BJVI5XLJ.jsView file
4import {
L5: ensurePrivateDirSync,
L6: hardenPrivatePathSync
...
L348: import Database from "better-sqlite3";
L349: var BASE_DIR = path.join(os.homedir(), ".contextweaver");
L350: function getDirectoryBirthtime(projectPath) {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/chunk-BJVI5XLJ.jsView on unpkg · L4Findings
3 Medium5 Low
MediumDynamic Requiredist/chunk-4D5C37FX.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptodist/chunk-BJVI5XLJ.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings