AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `theokit-init-claude`.
Impact
A user-invoked setup can grant the configured agent npm/pnpm/npx shell-command capability.
Mechanism
Copies packaged Claude Code settings and agent instruction files into the current workspace.
Rationale
Source inspection confirms an explicit agent-configuration setup capability rather than automatic malware behavior. Per policy, explicit user-command agent configuration mutation warrants a warning, not a block.
Evidence
package.jsonbin/init-claude.mjsclaude-template/dot-claude/settings.jsondist/a2a/index.jsdist/index.jsclaude-template/AGENTS.mdclaude-template/CLAUDE.md.claude/**AGENTS.mdCLAUDE.md
Decision evidence
public snapshotAI called this Suspicious at 92.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `bin/init-claude.mjs` copies into the caller workspace.
- It writes `.claude/**`, `AGENTS.md`, and `CLAUDE.md`.
- Template `settings.json` permits `Bash(npm *)`, `Bash(pnpm *)`, and `Bash(npx *)`.
- `dist/a2a/index.js` exposes shell and hook command execution at runtime.
Evidence against
- `package.json` has no preinstall/install/postinstall/prepare hook.
- Claude configuration mutation requires explicit `theokit-init-claude` invocation.
- No source evidence of credential exfiltration or hidden network beaconing.
- The SDK API endpoint is package-aligned (`https://api.usetheo.dev`).
- Child environment handling in `dist/a2a/index.js` scrubs secret-like variables by default.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsTelemetryUrlStrings
Source & flagged code
2 flagged · loading sourcedist/project.cjsView file
2L3: var promises = require('fs/promises');
L4: var path = require('path');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/project.cjsView on unpkg · L2dist/a2a/index.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @theokit/sdk@2.30.0
matchedIdentity = npm:QHRoZW9raXQvc2Rr:2.30.0
similarity = 0.564
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/a2a/index.jsView on unpkgFindings
1 High3 Medium5 Low
HighPrevious Version Dangerous Deltadist/a2a/index.js
MediumDynamic Requiredist/project.cjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings