AI Security Review
scanned 5d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/src/skills.js copies bundled skills into ~/.claude, ~/.codex, opencode, ~/.gemini, Antigravity, or local project skill dirs when CLI is run.
- dist/src/installers/superpowers.js invokes claude/codex/gemini plugin or extension install commands.
- dist/src/installers/rtk.js downloads a GitHub release asset, verifies SHA-256, installs an rtk binary, then runs rtk init --global --auto-patch.
- dist/src/runtimes.js can pipe the official Antigravity installer URL to bash, but only under --install-missing-clis/user-selected runtime flow.
- package.json has no preinstall/install/postinstall hook; npm install does not run the agent config mutation path.
- bin entrypoint only calls runInstaller; setup-agent-toolkit.sh is a wrapper around node dist/bin/agent-toolkit.js.
- External tool sources are pinned in tools.lock.json and provenance checks reject mutable or identity-changing overrides unless explicitly allowed.
- No credential harvesting, secret exfiltration, destructive filesystem sweep, obfuscation, eval/vm, or import-time execution found in inspected source.
Source & flagged code
6 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/system.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/system.jsView on unpkgPackage ships non-JavaScript build or shell helper files.
setup-agent-toolkit.shView on unpkgHardcoded password in skills/backend/fastify-best-practices/rules/testing.md
skills/backend/fastify-best-practices/rules/testing.mdView on unpkg · L82