AI Security Review
scanned 7d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- code-tool.js exposes default MCP execute tool for user/agent-supplied TypeScript code.
- code-tool.js spawns Deno worker with --allow-env and --allow-net limited to SDK client baseURL hostname.
- code-tool-worker.js imports a data: TypeScript module built from supplied code and calls exported run(client).
- http.js accepts x-stainless-mcp-client-permissions to override method allow/block options for HTTP clients.
- package.json has no npm lifecycle install/preinstall/postinstall hooks.
- index.js only starts stdio/http MCP transport when invoked as bin/main, not on install or import.
- No writes to .mcp.json, CLAUDE.md, Claude/Codex/Cursor settings, shell startup files, VCS hooks, or autostart paths found.
- Deno worker read access is scoped to package/node_modules paths and SDK symlink target; no broad filesystem read/write permission.
- HTTP logs redact auth/key/token/cookie headers in http.js.
- local-docs-search.js reads only explicit docsDir markdown/json files for local search indexing.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
instructions.jsView on unpkg · L7Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgPackage manifest contains a dependency pinned to a remote tarball URL.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
local-docs-search.jsView on unpkg