AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- README.md documents remote messaging control of coding agents that write code and run commands.
- dist/cli.js dispatches user-selected agent/server commands and can spawn daemon children.
- dist/index.js downloads configured agent/cloudflared binaries and extracts them locally.
- dist/index.js supports explicit user autostart via launchd or systemd user-service files.
- package.json has no preinstall, install, postinstall, or other lifecycle scripts.
- No hidden network endpoint or credential-harvesting/exfiltration flow was found in inspected fetch call sites.
- Telegram requests use the configured bot token solely against api.telegram.org for validation/integration.
- Process execution uses argument arrays with shell disabled where updater spawning is inspected; archive paths are checked.
Source & flagged code
7 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L29Source executes local commands and sends command output to an external endpoint.
dist/index.jsView on unpkg · L29A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L29Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L1469Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L29