AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/src/commands/init.js` invokes initialization only for explicit `swarmdo init`.
- `dist/src/init/executor.js` appends a Swarmdo instruction block to `~/.claude/CLAUDE.md` by default.
- Init also creates project Claude configuration, helpers, hooks, MCP config, and agent assets.
- `scripts/postinstall.cjs` mutates reachable `agentdb` dependency files during installation.
- Postinstall only copies legacy `agentdb` directories; its exports augmentation function is not called.
- No install-time network, shell execution, credential harvesting, or AI-agent config write was found.
- Global Claude mutation has an explicit `--no-global` opt-out and is reached through a user CLI command.
- The scanner's `eval` match is a security-scanner regex, not runtime dynamic execution.
Source & flagged code
17 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/init/statusline-generator.jsView on unpkg · L85Package source invokes a package manager install command at runtime.
dist/src/init/statusline-generator.jsView on unpkg · L222Source writes installer persistence such as shell profile or service configuration.
dist/src/init/statusline-generator.jsView on unpkg · L18Package source references dynamic require/import behavior.
dist/src/init/executor.jsView on unpkg · L272Package source references a known benign dynamic code generation pattern.
dist/src/commands/security.jsView on unpkg · L143A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/benchmarks/gaia-tools/grounded_query.js#virtual:normalized:round1View on unpkg · L49Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/src/memory/neural-package-bridge.jsView on unpkg · L38Package ships WebAssembly modules.
vendor/rabitq-wasm/swarmvector_rabitq_wasm_bg.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
plugins/swarmdo-metaharness/scripts/smoke.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.claude/skills/sdo-caveman-compress/scripts/benchmark.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/commands/release.jsView on unpkgHardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L339Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L367Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L543