AI Security Review
scanned 13d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/index.js starts a Fastify gateway on CLI/runtime import via bin/next-ai-gateway.js.
- dist/index.js.map source shows user/config-driven child_process spawn for stdio external JSON, MCP servers, and event sinks.
- dist/index.js.map exposes agent code_tool.runCode, spawning deno for agent-supplied code, but with --deny-env/net/read/write/run and temp cleanup.
- Manager/raw-trace/file-store code can write gateway.config.json, .agent-data, and raw trace spool only during configured runtime/API use.
- package.json has no install/postinstall lifecycle scripts.
- bin/next-ai-gateway.js only requires dist/index.js; no install-time execution or home/agent config mutation found.
- Network calls are package-aligned AI gateway behavior: provider APIs, configured webhooks/external sources, OAuth token refresh, MCP WebSocket.
- No evidence of credential harvesting, hardcoded exfiltration endpoint, persistence, destructive actions, or prompt/reviewer manipulation.
Source & flagged code
3 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L1