AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/stores/localTools.js` exposes shell, file, git, and browser-tab tool definitions.
- `dist/stores/localTools.js` sends local-tool execution requests through `chrome.runtime.sendMessage`.
- `dist/state/chatLoopController.js` routes model-originated pending local-tool calls to a host executor.
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- `dist/stores/localTools.js` requires an available extension runtime and explicit permission handling before execution.
- `dist/client/transport.js` only calls host-configured HTTP/SSE chat endpoints; no hard-coded external endpoint.
- No filesystem, child-process, eval, encoded-payload, or credential-harvesting primitive was found in emitted source.
Source & flagged code
3 flagged · loading source`dist/stores/localTools.js` exposes shell, file, git, and browser-tab tool definitions.
dist/stores/localTools.jsView on unpkg`dist/stores/localTools.js` sends local-tool execution requests through `chrome.runtime.sendMessage`.
dist/stores/localTools.jsView on unpkg`dist/state/chatLoopController.js` routes model-originated pending local-tool calls to a host executor.
dist/state/chatLoopController.jsView on unpkg