AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/seed-claude-config.cjs` writes a Claude config path supplied by `CLAUDE_CONFIG`.
- That helper sets `hasTrustDialogAccepted` and trusts `/data/.claude/projects`.
- It also records the suffix of `CLAUDE_API_KEY` as an approved custom-key response.
- The helper runs when directly invoked, not through an npm lifecycle hook.
- `package.json` postinstall only chmods node-pty's platform spawn helper.
- The declared preinstall targets missing `scripts/check-native-abi.mjs`; it cannot execute a hidden packaged payload.
- No lifecycle script invokes `dist/seed-claude-config.cjs`.
- `dist/index.cjs` PTY spawning targets Claude/Codex for the advertised session-streaming service.
- No credential-exfiltration endpoint or remote dynamic-code loader was found in package-owned code.
Source & flagged code
8 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.cjsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.cjsView on unpkg · L106Package contains source files above the static scanner size ceiling.
dist/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.cjsView on unpkg