AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Runtime HTTP server exposes high-impact local project operations, including terminal creation and agent configuration updates. No install-time attack surface or unconsented foreign AI-agent control-surface mutation was found.
Decision evidence
public snapshot- `src/routes/terminals/service.ts` creates user-requested shell/command terminals.
- `src/runtime/agent/config/paths.ts` writes Otto local or global agent configuration and prompt files.
- `src/index.ts` reflects arbitrary CORS origins and enables private-network access headers.
- `src/index.ts` registers file, git, terminal, MCP, and agent-related server routes at runtime.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- No obfuscated payload, eval/vm execution, binary loader, or install-time network activity was found.
- `src/tunnel-auth.ts` requires daemon, owner-session, or share authorization for non-loopback API access.
- Observed remote endpoints are named product/provider APIs used by explicit service features.
Source & flagged code
4 flagged · loading source`src/routes/terminals/service.ts` creates user-requested shell/command terminals.
src/routes/terminals/service.tsView on unpkg`src/runtime/agent/config/paths.ts` writes Otto local or global agent configuration and prompt files.
src/runtime/agent/config/paths.tsView on unpkg`src/index.ts` reflects arbitrary CORS origins and enables private-network access headers.
src/index.tsView on unpkg`src/index.ts` registers file, git, terminal, MCP, and agent-related server routes at runtime.
src/index.tsView on unpkg