AI Security Review
scanned 1h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli/index.js` can invoke the local `claude` CLI to request edits to `~/.claude/settings.json`.
- This Claude configuration flow is reachable only through interactive `ovr bootstrap` selections and confirmation.
- `package.json` defines `postinstall`; `scripts/postinstall.mjs` chmods `node-pty` spawn-helper files in reachable node_modules layouts.
- `scripts/postinstall.mjs` performs no network access, credential collection, shell execution, or AI-agent configuration mutation.
- The Claude action is explicit, interactive, and delegated to the user's installed `claude` command rather than silently editing configs.
- Network fetches in `dist/cli/index.js` are limited to a user-supplied team-config URL; no fixed remote endpoint or exfiltration path was found.
- Project config dynamic import and setup command execution require user-invoked CLI operations on workspace repositories.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource writes persistence or remote-access backdoor material.
dist/cli/index.jsView on unpkg · L39A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L39Package source references dynamic require/import behavior.
dist/cli/index.jsView on unpkg · L141Package source references weak cryptographic algorithms.
dist/cli/index.jsView on unpkg · L39