AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/config.ts defines Codex with --yolo and Claude with --dangerously-skip-permissions.
- src/cli.ts launches configured AI tools with inherited environment and supplied error text.
- src/bin.ts exposes the AI-launching TUI only through normal CLI runtime.
- src/shell-install.ts writes shell integration only after explicit install-shell invocation.
- package.json has no preinstall, install, postinstall, or prepare hook; prepublishOnly is publish-time validation.
- No package-originated HTTP client, remote endpoint, credential exfiltration, eval, or payload download was found.
- Network checks use only 127.0.0.1 port probes.
- Shell/profile and config writes are interactive user-invoked setup actions.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/dev-menu.mjsView on unpkg · L7Source writes installer persistence such as shell profile or service configuration.
src/shell-install.tsView on unpkg · L52This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/cli.tsView on unpkg