AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/tools/hermesOnboardingAgent.js` explicitly invokes a resolved `hermes` binary with `execFile`.
- Its apply/rebuild/disable modes pass provisioning and destructive-removal arguments to that external tool.
- `dist/tools/hermesOnboardingAgent.js` atomically modifies the configured admin state registry.
- `dist/tools/hermesOnboardingLifecycle.js` exposes explicit MCP actions that create lifecycle, approval, token, and evidence files.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- `dist/index.js` only starts the stdio MCP server; no provisioning runs on import.
- Provisioning mutations require an MCP tool invocation, validated input, approval packets, and sealed package hashes.
- Secret-pattern logic redacts subprocess output and rejects secret-bearing verification input.
- Network calls are product-aligned Sellable/Slack API operations; no covert exfiltration endpoint was found.
- No eval, VM, shell command string, dynamic code loading, or bundled binary was found.
Source & flagged code
4 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/tools/hermesOnboardingLifecycle.jsView on unpkg · L60RSA private key in dist/tools/hermesOnboardingLifecycle.js
dist/tools/hermesOnboardingLifecycle.jsView on unpkg · L60RSA private key in dist/tools/hermesOnboardingAgent.js
dist/tools/hermesOnboardingAgent.jsView on unpkg · L18This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/tools/hermesOnboardingAgent.jsView on unpkg