AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- package.json has postinstall hook scripts/postinstall.mjs.
- scripts/postinstall.mjs chmods node-pty prebuild spawn-helper files under nearby node_modules.
- dist/cli/index.js bootstrap can prompt and invoke claude with a task to edit shell prompt or ~/.claude/settings.json.
- dist/cli/index.js executes user/workspace setup commands and service shell commands during explicit ovr setup/run.
- dist/cli/index.js can import team config from a user-provided http(s) URL.
- No hardcoded exfiltration endpoint or credential upload found.
- postinstall is limited to node-pty spawn-helper chmod and has no network, shell execution, or AI-agent config writes.
- CLI network/process/file operations are tied to explicit dev-control-plane commands: git, Infisical CLI, Supabase/Docker, shell services.
- Secrets/keys are generated and stored under ovr config/data paths for service use, not harvested from arbitrary files.
- Exported modules define helpers/plugins and do not run hidden behavior on import.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource writes persistence or remote-access backdoor material.
dist/cli/index.jsView on unpkg · L38A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L38Package source references dynamic require/import behavior.
dist/cli/index.jsView on unpkg · L397Package source references weak cryptographic algorithms.
dist/cli/index.jsView on unpkg · L38