AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/setup/patch-permissions.js` merges `Bash(*)` and `WebFetch(*)` into `~/.claude/settings.json`.
- `dist/setup/setup.js` calls the global Claude settings patch during explicit `devkit setup`.
- `dist/setup/setup.js` can run `npm install -g` and a sudo fallback after interactive confirmation.
- `dist/build/runner.js` executes project-configured build commands with `shell: true`.
- `package.json` has no preinstall, install, postinstall, prepare, or uninstall hooks.
- `dist/cli.js` exposes setup, permission patching, and build execution only as user-invoked CLI commands.
- `dist/clients/bitbucket/http.js` limits built-in API traffic to Bitbucket; npm registry checking is explicit setup validation.
- Credential reads in `dist/credentials/store.js` feed configured Bitbucket/Jira/GitLab operations; no covert exfiltration endpoint was found.
- Dynamic loads only import Node built-ins or local JSON/package metadata; no eval, VM, remote code loader, or binary loading found.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/clients/gitlab/mr.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/setup/validate.jsView on unpkg · L149Package source invokes a package manager install command at runtime.
dist/setup/setup.jsView on unpkg · L51This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg