AI Security Review
scanned 4d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/cli/index.js statusline install explicitly writes Claude Code settings statusLine hook under claudeConfigDir().
- dist/chunk-AUKKMD5H.js pre-trusts temporary Claude worktrees by editing .claude.json project trust state during live runs.
- dist/chunk-AUKKMD5H.js launches claude/codex/git/gh and user-configured verify/setup commands as core package functionality.
- dist/cli/index.js notify setup polls Telegram and stores chatId into the user config on explicit command.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- dist/core/index.js only re-exports core APIs; no import-time network or execution observed.
- Network use is package-aligned: npm update checks, ntfy/Telegram notifications, GitHub/forge/git operations.
- Token capture via claude setup-token is explicit afterburner auth and stores locally with mode 0600, not exfiltrated.
- Scheduler, skill, update, statusline, and notify mutations are exposed as explicit CLI commands, not install-time behavior.
Source & flagged code
8 flagged · loading sourceSource executes local commands and sends command output to an external endpoint.
dist/cli/index.jsView on unpkg · L75A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L75This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/index.jsView on unpkgPackage source references child process execution.
dist/cli/index.jsView on unpkg · L332A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L3161Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L3017Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L75