AI Security Review
scanned 5h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/setup/setup.js` invokes Claude settings patching during explicit `devkit setup`.
- `dist/setup/claude-settings.js` adds `Bash(*)`, agent/skill tools, home reads, and project writes to `~/.claude/settings.json`.
- `dist/setup/patch-permissions.js` merges a template with `WebFetch(*)` and broad filesystem permissions.
- `dist/setup/patch-hooks.js` writes SessionStart and PreToolUse shell-hook commands into `~/.claude/settings.json`.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle script.
- The CLI exposes setup mutation through named user commands, not import-time execution.
- Credential use is limited to package-aligned Bitbucket, Jira, GitLab, and npm update operations.
- No `eval`, VM execution, hidden binary loading, credential exfiltration endpoint, or destructive file deletion was found.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/clients/gitlab/mr.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/setup/validate.jsView on unpkg · L149Package source invokes a package manager install command at runtime.
dist/setup/setup.jsView on unpkg · L51This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg