AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `theokit-init-claude` (optionally with `--force`).
Impact
Can influence an AI coding agent's project behavior; `--force` can replace existing control files.
Mechanism
Copies agent configuration and instruction templates into the current project.
Rationale
The package is not malicious by the blocking threshold because the agent-control mutation is an explicit CLI action and no install hook or concrete malicious chain was found. It warrants a warning because it can install or overwrite project-level AI-agent instructions.
Evidence
package.jsonbin/init-claude.mjsclaude-template/AGENTS.mdclaude-template/CLAUDE.mdclaude-template/dot-claude/settings.json.claudeAGENTS.mdCLAUDE.mdclaude-template/dot-claude
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `bin/init-claude.mjs` explicitly copies package templates into the caller project.
- It creates/merges `.claude` and can write root `AGENTS.md` and `CLAUDE.md`.
- `--force` permits overwriting existing agent-control files.
- Templates include agent instructions and Claude settings under `claude-template/`.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- The mutation occurs only when the user invokes `theokit-init-claude`.
- Default behavior skips existing destination files unless `--force` is supplied.
- No source-confirmed credential exfiltration, remote payload execution, or stealth persistence was found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsTelemetryUrlStrings
Source & flagged code
1 flagged · loading sourcedist/project.cjsView file
2L3: var promises = require('fs/promises');
L4: var path = require('path');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/project.cjsView on unpkg · L2Findings
3 Medium5 Low
MediumDynamic Requiredist/project.cjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings