AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/runner.js` explicitly launches Claude/Codex CLIs for user-requested stages.
- Codex arguments include `--ask-for-approval never`; host mode maps to `danger-full-access`.
- `dist/extensions-cli.js` can write workspace `.otto` configuration, policies, tools, and skill sources after `otto-extensions init`.
- `dist/linear-api.js` sends a configured Linear token to `https://api.linear.app/graphql`.
- `package.json` has no preinstall/install/postinstall hook; only `prepublishOnly`.
- `dist/index.js` exports functions and has no import-time execution.
- Process launches use fixed CLI programs and argument arrays rather than shell interpolation.
- Extension writes are behind explicit CLI `init`; they target package-owned `.otto` workspace state.
- Agent config checks in `dist/preflight.js` only test credential-file existence.
- No source evidence of credential harvesting, stealth persistence, payload download, or exfiltration.
Source & flagged code
3 flagged · loading source`dist/runner.js` explicitly launches Claude/Codex CLIs for user-requested stages.
dist/runner.jsView on unpkg`dist/extensions-cli.js` can write workspace `.otto` configuration, policies, tools, and skill sources after `otto-extensions init`.
dist/extensions-cli.jsView on unpkg`dist/linear-api.js` sends a configured Linear token to `https://api.linear.app/graphql`.
dist/linear-api.jsView on unpkg