AI Security Review
scanned 5h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` implements `stamp init`/`bootstrap` writes to `AGENTS.md` and `CLAUDE.md`.
- The inserted `CLAUDE.md` is auto-loaded agent guidance that constrains git workflow.
- `stamp init` creates `.stamp/` configuration, reviewer prompts, keys, and local state.
- `dist/index.js` runs configured checks through `spawnSync(..., {shell:true})` on explicit CLI use.
- Server hook code can push mirrors and post GitHub statuses when server-side credentials/configuration are present.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook executes for consumers.
- `dist/index.js` is a `stamp` CLI bin; reviewed mutations are command-triggered, not import-time.
- No confirmed credential harvesting or exfiltration path was found in inspected client code.
- Observed GitHub traffic is feature-aligned mirror/status functionality in `dist/hooks/post-receive.cjs`.
- `dist/server/seed-users.cjs` seeds a server database from the operator-provided `AUTHORIZED_KEYS` environment variable; it is not a hidden client persistence payload.
Source & flagged code
5 flagged · loading sourceSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L13712Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L66Source writes persistence or remote-access backdoor material.
dist/server/seed-users.cjsView on unpkg · L22