AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist-cli/kai-cli.js` exposes an AI-callable shell tool that runs arbitrary commands via the user's shell.
- `dist-cli/kai-cli.js` starts configured MCP command servers with inherited environment variables.
- `dist-cli/kai-cli.js` provides PTY and agent-browser execution capabilities.
- `dist-cli/kai-cli.js` can download and install skill packages into its own `.kai` data area.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle scripts.
- `bin/kai-cli.js` only validates bundled renderer files, then loads the CLI entrypoint.
- The HTTP server and remote-access token are started only by explicit `kai-cli start`.
- Compressed renderer assets decode as ordinary JavaScript, not an opaque executable payload.
- No source evidence of credential harvesting, hidden exfiltration, destructive install-time behavior, or foreign agent-config mutation.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/kai-cli.jsView on unpkg · L8Package ships high-entropy non-source blobs.
dist-electron/renderer/assets/cytoscape.esm-D6E6cAed.js.gzView on unpkgPackage ships compressed or archive-like blobs.
dist-electron/renderer/assets/cytoscape.esm-D6E6cAed.js.gzView on unpkgPackage contains source files above the static scanner size ceiling.
dist-electron/renderer/assets/index-Bb_KacN-.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist-cli/kai-cli.jsView on unpkg