AI Security Review
scanned 41m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The MCP exposes an explicit Hermes onboarding lifecycle that can invoke an external installer and persist package-owned state. No install-time execution or unconsented mutation of a foreign AI-agent configuration was found.
Decision evidence
public snapshot- `dist/tools/hermesOnboardingAgent.js` invokes a PATH-resolved `hermes` binary with `execFile`.
- Its `apply`, `rebuild`, and `disable` modes can provision or tear down customer-agent resources.
- The tool writes Hermes registry, ledger, and disable-receipt state under the package-owned admin home.
- `dist/tools/hermesCustomerToken.js` mints and stores customer tokens in owner-only local files.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `dist/index.js` only starts an MCP stdio server; onboarding actions require an MCP tool call.
- Mutation modes require approval-packet validation and immutable package SHA-256 candidates.
- Secret-pattern logic redacts process output and rejects secret values in setup arguments.
Source & flagged code
3 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/tools/hermesOnboardingAgent.jsView on unpkg · L18RSA private key in dist/tools/hermesOnboardingAgent.js
dist/tools/hermesOnboardingAgent.jsView on unpkg · L18This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/tools/hermesOnboardingAgent.jsView on unpkg