AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` spawns configured coding-agent and terminal subprocesses.
- `dist/index.js` fetches a remote agent registry and downloads selected agent archives.
- `dist/index.js` defines user-level agent hook/plugin settings under `~/.claude`, `~/.cursor`, `~/.gemini`, and `~/.cline`.
- `dist/index.js` can create OpenACP LaunchAgent/systemd autostart entries after user setup.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- Process launches use argument arrays and `shell: false` where terminal spawning occurs.
- Agent subprocess environments are filtered through an allowlist.
- Telegram requests use the configured bot token for the package's messaging bridge; no unrelated credential-upload path was found.
- No `eval`, `vm`, `Function`, encoded payload execution, or import-time payload was found.
Source & flagged code
7 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L29Source executes local commands and sends command output to an external endpoint.
dist/index.jsView on unpkg · L29A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L29Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L1469Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L29