AI Security Review
scanned 1h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows a foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- dist/cli.cjs exposes handlers that list, read, write, upload and download files under the user's home directory to cloud requests once the daemon starts.
- dist/cli.cjs runs remote-requested shell commands via /bin/zsh -lc with the user's home directory as the working directory.
- dist/cli.cjs user-invoked install writes ~/Library/LaunchAgents/ai.nodus.desktop.plist with RunAtLoad/KeepAlive.
- dist/cli.cjs inventories Codex skills, ~/.agents skills, Codex plugin cache, and enabled Codex MCP servers.
- dist/mcp.cjs proxies tools/list, resources/read, prompts/get, and tools/call to configured MCP servers.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- README documents explicit login/install commands for a macOS desktop runtime.
- Persistence is created by the explicit nodus-desktop install command, not npm install/import time.
- Credential storage uses the macOS security CLI (Keychain) for ai.nodus.desktop pairing credentials.
- File access is constrained by resolveLocal to paths under the user home directory.
Source & flagged code
6 flagged
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.cjs · L3728: Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/cli.cjs · L44: Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.cjs · L44