AI Security Review
scanned 4d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/chunk-4TTWKEKW.js builds a live Claude invocation with --permission-mode bypassPermissions for configured agent tasks.
- dist/cli/index.js statusline install writes an Afterburner command into ~/.claude/settings.json after an interactive prompt.
- dist/cli/index.js skill install copies bundled skill/SKILL.md into ~/.claude/skills/afterburner on explicit command.
- dist/cli/index.js auth command spawns `claude setup-token` and stores a Claude OAuth token locally for scheduled runs.
- dist/chunk-4TTWKEKW.js runs repo-configured setup/verify commands via execFile during user-configured automation.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Dangerous operations are exposed through explicit CLI commands or config-gated runs, not install-time execution.
- Network use is package-aligned: Telegram bot API, ntfy notifications, npm registry update checks, and GitHub/repo operations.
- Agent prompts treat issue/task text as untrusted data and use env vars instead of interpolating into argv.
- Claude statusline install backs up existing settings and chains prior statusLine rather than silently overwriting it.
- No source evidence of credential exfiltration, stealth persistence, destructive payload, or remote code download on import/install.
Source & flagged code
8 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-4TTWKEKW.jsView on unpkgPackage source references child process execution.
dist/chunk-4TTWKEKW.jsView on unpkg · L549Source writes installer persistence such as shell profile or service configuration.
dist/chunk-4TTWKEKW.jsView on unpkg · L255Source executes local commands and sends command output to an external endpoint.
dist/cli/index.jsView on unpkg · L73A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L73A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L3152Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L3011