AI Security Review
scanned 4d ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- skills/impeccable/scripts/live-copy-edit-agent.mjs spawns codex with --dangerously-bypass-approvals-and-sandbox for copy-edit application.
- skills/impeccable/scripts/live-copy-edit-agent.mjs can spawn claude with --permission-mode bypassPermissions.
- skills/graphify/__main__.py has explicit install commands that write .codex/hooks.json and .gemini/settings.json hooks.
- package.json has no consumer install/postinstall/preinstall hook; prepublishOnly is publisher-side only.
- dist/cli.js reverse-shell/exfil matches are defensive Guardian regex rules, not executed payloads.
- dist/cli.js network use is package-aligned: LLM providers plus user-configured Telegram/Discord/WhatsApp channels.
- Credential-looking channel tokens are validated and stored locally under ~/.oriro/channels.json after explicit user command.
- skills/craft/uipm-design-system/scripts/generate-tokens.cjs only reads token JSON and writes generated CSS/Tailwind output.
Source & flagged code
19 flagged
- Package contains a critical-looking secret pattern. (skills/technical/api-builder/SKILL.md, line 94)
- Supabase service role key (JWT) in skills/technical/api-builder/SKILL.md (skills/technical/api-builder/SKILL.md, line 94)
- Source appears to send environment or credential material to an external endpoint. (dist/cli.js, line 8)
- Source executes local commands and sends command output to an external endpoint. (dist/cli.js, line 8)
- Source matches reverse-shell style process and socket wiring. (dist/cli.js, line 8)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/cli.js, line 8)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli.js, line 8)
- Package source references dynamic require/import behavior. (skills/craft/uipm-design-system/scripts/generate-tokens.cjs, line 9)
- Package source references weak cryptographic algorithms. (skills/impeccable/scripts/live-svelte-component.mjs, line 20)
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking. (skills/impeccable/scripts/live-server.mjs, line 15)
- Package source invokes a package manager install command at runtime. (skills/craft/vercel-optimize/lib/vercel.mjs, line 15)
- Package ships non-JavaScript build or shell helper files. (skills/model-usage/scripts/test_model_usage.py)
- Package ships high-entropy non-source blobs. (skills/theme-factory/theme-showcase.pdf)
- Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths. (skills/uipm-ui-styling/scripts/tests/test_shadcn_add.py)
- This package version adds a dangerous source file absent from the previous stored version. (skills/impeccable/scripts/live-copy-edit-agent.mjs)
- Hardcoded password in skills/graphify/skill-devin.md (skills/graphify/skill-devin.md, line 678)
- Hardcoded password in skills/graphify/skill-aider.md (skills/graphify/skill-aider.md, line 561)