AI Security Review
scanned 7h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- dist/bin.js runtime installs bundled skills into ~/.claude/skills or ~/.agents/skills for Claude/Codex/Gemini.
- dist/bin.js launches Claude with --permission-mode bypassPermissions and --dangerously-skip-permissions; Codex/Gemini paths use --yolo/--skip-trust.
- dist/bin.js writes project context under .netlify/ and may append @AGENTS.md to CLAUDE.local.md during CLI execution.
- dist/bin.js uploads diffs/native sessions and updates agent sessions through Netlify API/S3 URLs.
- package.json postinstall only runs scripts/postinstall.js; no install-time agent control-surface writes found.
- scripts/postinstall.js only applies local patches/*.patch if present; no patches directory/files are included in extracted package.
- Network activity is Netlify agent-runner aligned: api.netlify.com, AI Gateway, S3 upload/download URLs.
- Bundled skills are Netlify product guidance, not hidden credential theft or prompt-reviewer manipulation.
Source & flagged code
8 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution; review context before blocking. (dist/bin-local.js · L1)
- Package source references weak cryptographic algorithms. (dist/bin-local.js · L1)
- This package version adds a dangerous source file absent from the previous stored version. (dist/bin.js)
- Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. (dist/bin.js · L19)