AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/commands/mcp.js` runs `claude mcp add` and otherwise writes `./.mcp.json` on explicit install/bind flows.
- `dist/proxy.js` forwards MCP JSON-RPC using a workspace key and can be spawned by an MCP harness.
- `dist/commands/gate.js` explicitly writes a Git hook and GitHub Action when `retasc gate install` is invoked.
- `package.json` has no preinstall/install/postinstall hook; `prepublishOnly` only builds before publishing.
- `dist/commands/mcp.js` refuses global `--scope user` and downgrades it to local scope.
- `dist/config.js` and `dist/lib/keystore.js` store package credentials under `~/.retasc` with mode `0600`.
- Network use is package-aligned: GitHub device login, Retasc Convex management, and the Retasc MCP endpoint.
- No eval, dynamic code loading, shell interpolation, arbitrary command execution, or unexplained exfiltration was found.
Source & flagged code
3 flagged · loading source`dist/commands/mcp.js` runs `claude mcp add` and otherwise writes `./.mcp.json` on explicit install/bind flows.
dist/commands/mcp.jsView on unpkg`dist/proxy.js` forwards MCP JSON-RPC using a workspace key and can be spawned by an MCP harness.
dist/proxy.jsView on unpkg`dist/commands/gate.js` explicitly writes a Git hook and GitHub Action when `retasc gate install` is invoked.
dist/commands/gate.jsView on unpkg