AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/runtime/agent/bootstrap.js` exposes `shell_run`, executing `/bin/sh -c` in an agent project directory.
- `dist/runtime/supervisor/bootstrap.js` starts a detached long-running supervisor and agent processes after explicit CLI actions.
- `dist/runtime/install/upgrade-runner.js` can run global `npm install -g` during the explicit upgrade flow.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `dist/index.js` only discovers and exports the package version on import.
- `dist/cli/main.js` runs command handling only when directly invoked; daemon startup is under `2200 daemon start`.
- No source evidence found of credential harvesting, hidden exfiltration, or foreign AI-agent configuration writes.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/runtime/install/upgrade-runner.jsView on unpkg · L1Source executes local commands and sends command output to an external endpoint.
dist/runtime/agent/bootstrap.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/runtime/agent/bootstrap.jsView on unpkg · L1Source launches a detached bundled service that exposes a broad-bound HTTP listener.
dist/runtime/supervisor/bootstrap.jsView on unpkg · L3A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/main.jsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/main.jsView on unpkgPackage contains source files above the static scanner size ceiling.
dist/connectors/discord/gateway.cjsView on unpkg