AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/tools/delegate.js` implements agent shell/process execution through `execa`.
- `dist/channels/telegram/main.js` dispatches admitted Telegram messages to the agent and returns replies through the bot API.
- `dist/tools/index.js` exposes user-directed web fetching and configurable HTTP hooks.
- `dist/observability/telemetry-sink.js` can POST telemetry to a configured endpoint.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- No remote payload decoding or `eval`/`Function` execution was found in `dist/tools/index.js`.
- Dynamic imports load declared packages (`@anthropic-ai/claude-agent-sdk`, `turndown`, optional `playwright`).
- Telegram ingress requires an owner direct message or an admitted routing binding in `dist/channels/telegram/main.js`.
Source & flagged code
11 flagged · loading sourcePackage source references child process execution.
dist/tools/delegate.jsView on unpkg · L5968Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/tools/index.jsView on unpkg · L116Package source references dynamic require/import behavior.
dist/tools/index.jsView on unpkg · L20185Source writes installer persistence such as shell profile or service configuration.
dist/tools/index.jsView on unpkg · L116Source appears to send environment or credential material to an external endpoint.
dist/bin/neo-live-driver.jsView on unpkg · L57Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/bin/neo-live-driver.jsView on unpkg · L57Source executes local commands and sends command output to an external endpoint.
dist/channels/telegram/main.jsView on unpkg · L121A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/bin/neo-tg.jsView on unpkg · L122Package contains source files above the static scanner size ceiling.
dist/bin/neo.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/bin/neo.jsView on unpkg