AI Security Review
scanned 4h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/skill-command.js: user-invoked skill install clones configured GitHub repositories.
- src/skill-command.js: install runs skills CLI with --global and agent selection.
- src/skill-command.js: install replaces/symlinks ~/.claude/skills or ~/.codex/skills targets.
- src/launchd-installer.js: explicit obsidian install writes and loads a per-vault launchd plist.
- package.json has no preinstall, install, postinstall, or prepare lifecycle hook.
- bin/r1.js only dispatches explicit CLI arguments; no import-time network or mutation.
- Agent changes require r1 skill install and use configured repositories; foreign targets require --force.
- Network use is user-configured MCP RPC or Resend email, with no credential harvesting or hidden endpoint.
- No eval, vm, dynamic code loading, shell interpolation, or bundled payload was found.
Source & flagged code
2 flagged · loading sourceSource writes installer persistence such as shell profile or service configuration.
src/launchd-installer.jsView on unpkg · L14This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/skill-config.jsView on unpkg