AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` implements `stamp init`/`bootstrap` to create or update repository-root `AGENTS.md` and `CLAUDE.md`.
- The `CLAUDE.md` content states it is auto-loaded by Claude Code and directs agent git workflow.
- The same explicit setup path scaffolds `.stamp/` policy files and can stage them with Git.
- `dist/index.js` runs configured checks through `spawnSync(..., {shell:true})`, but this is command-driven project checking rather than install-time execution.
- `dist/index.js` has user-configured HTTP/reviewer-fetch functionality, including `https://raw.githubusercontent.com/` sources.
- `package.json` has only `prepublishOnly`; no `preinstall`, `install`, or `postinstall` hook executes for consumers.
- The package entrypoint is a `stamp` CLI; inspected filesystem, shell, network, and agent-file actions are reached through explicit commands.
- Agent-file writes are scoped to the current repository root and use managed marker blocks.
- No inspected source showed credential harvesting, hidden exfiltration, remote payload execution, or broad foreign control-surface mutation.
Source & flagged code
6 flagged · loading sourceSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L13821Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L67Source writes persistence or remote-access backdoor material.
dist/server/seed-users.cjsView on unpkg · L22This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-TUJLSQKG.jsView on unpkg