AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/plugins/exec.ts` runs shell commands via `execSync` when input begins `!` or `/!`.
- `src/config.ts` enables the `exec` plugin by default and `init()` registers `@tyvm/knowhow-module-script` globally.
- `src/cli.ts` runs `migrateConfig()` before CLI argument parsing and loads configured modules.
- `src/clients/xai.ts` sends configured model requests using `XAI_API_KEY` to xAI.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
- Shell execution is gated by explicit command-like input, not import or install.
- Config writes target the package's `.knowhow` project/global configuration, not foreign agent files.
- No source evidence of credential harvesting, covert exfiltration, remote payload download, or destructive behavior.
Source & flagged code
13 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/knowhow.jsView on unpkg · L2Package source references shell execution.
tests/manual/browser-login/test_cli_integration.tsView on unpkg · L24Source appears to send environment or credential material to an external endpoint.
ts_build/src/clients/xai.jsView on unpkg · L14A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
ts_build/src/clients/xai.jsView on unpkg · L14Package source invokes a package manager install command at runtime.
tests/manual/ycmd/debug_diagnostics_test.tsView on unpkg · L112Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
tests/manual/ycmd/test_ycmd_usage.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
tests/manual/ycmd/test_ycmd_usage.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
ts_build/tests/processors/TokenCompressor.test.jsView on unpkgHardcoded password in tests/unit/commands/github-credentials.test.ts
tests/unit/commands/github-credentials.test.tsView on unpkg · L31Supabase service role key (JWT) in tests/fixtures/fake-secret.txt
tests/fixtures/fake-secret.txtView on unpkg · L1Hardcoded password in ts_build/tests/unit/commands/github-credentials.test.js
ts_build/tests/unit/commands/github-credentials.test.jsView on unpkg · L19