AI Security Review
scanned 8d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/copilot.js creates Copilot sessions with onPermissionRequest: approveAll.
- dist/managed-dependencies.js can install npm deps, download GitHub CLI, and install gh-act when installTreeseedDependencies is invoked.
- dist/verification.js bin runs npm/gh/docker verification commands and writes temporary act workflows.
- package.json has no postinstall/install hook; prepare points to absent scripts/prepare.ts in packed files and dist/scripts/prepare.js only builds dist.
- No .claude/.mcp/Codex/Cursor control-surface writes found by source search.
- Credential helpers use TREESEED_* env vars for GitHub/Cloudflare/Railway/Docker/Codex operations, not broad secret harvesting.
- GitHub/Cloudflare/Railway network code is package-aligned operational automation and requires configured tokens.
- Risky child_process/file writes are exported/bin/user-invoked tooling, not import-time execution.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/scenes/render-media-assets.jsView on unpkg · L2Package source references a known benign dynamic code generation pattern.
dist/platform-operation-store.jsView on unpkg · L173Package source references dynamic require/import behavior.
dist/scenes/seed.jsView on unpkg · L21Package source references weak cryptographic algorithms.
dist/platform/book-export.jsView on unpkg · L132A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/workflow/operations.jsView on unpkg · L4231Package source invokes a package manager install command at runtime.
dist/managed-dependencies.jsView on unpkg · L472This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/operations/services/github-api.jsView on unpkg