AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/cli.js runInit/runConfigure explicitly merge tmail MCP blocks into many agent config paths
- dist/cli.js patches project AGENTS.md with TMail gate instructions during init
- dist/cli.js persists session.json/e2ee.json under TMAIL_MAIN_DIR after bind/login/E2EE tool calls
- dist/cli.js uses user-provided TMAIL_API_URL for API calls and Authorization bearer headers
- package.json has no install/preinstall/postinstall hooks; only prepublishOnly
- Agent config mutation is behind explicit CLI subcommands init/configure, not import or install time
- mergeTmailMcpConfig writes command npx -y @tmail/mcp with TMAIL env, not a remote payload
- Network base URL comes from TMAIL_API_URL/init argument; no hardcoded exfil endpoint found
- sanitizeForTool removes api_key/access_token/refresh_token/enc_priv_key_base64/passphrase from tool output
- execSync is limited to zstd -d for local attachment decompression
Source & flagged code
6 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/index.jsView on unpkg · L36Source appears to send environment or credential material to an external endpoint.
dist/cli.jsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L6Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.jsView on unpkg · L6