AI Security Review
scanned 2h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- package.json defines postinstall script scripts/postinstall.mjs
- scripts/postinstall.mjs chmods node-pty prebuilds/*/spawn-helper under reachable node_modules trees
- dist/cli/index.js bootstrap can hand off to claude with a prompt to edit shell prompt and ~/.claude/settings.json after interactive confirmation
- dist/cli/index.js dynamically imports local ovr.config.* files and runs user-declared setup commands during explicit CLI workflows
- No install-time network access or credential harvesting found in package.json or scripts/postinstall.mjs
- Postinstall is limited to node-pty spawn-helper executable bit repair and debug logging via OVR_POSTINSTALL_DEBUG
- Claude Code config mutation is opt-in inside cmdBootstrap, not automatic during install or import
- Network fetches are user-supplied team config/readiness URLs or localhost-oriented service checks
- child_process usage is core CLI behavior for git, package managers, shells, docker, supabase, infisical, and configured services
Source & flagged code
7 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Source writes persistence or remote-access backdoor material. (dist/cli/index.js · L38)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/cli/index.js · L38)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (dist/cli/index.js)
- Package source references dynamic require/import behavior. (dist/cli/index.js · L397)
- Package source references weak cryptographic algorithms. (dist/cli/index.js · L38)