AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/init.js` user-invoked `initProject` writes `.claude/settings.json`, `.mcp.json`, and `AGENTS.md`.
- Generated Claude hooks invoke a bootstrap that executes the configured vfkb Node bundle.
- `dist/pi-mcp-bridge.js` reads an operator-selected MCP config and starts its declared stdio commands.
- `dist/git.js` can commit and push the package-owned knowledge directory when invoked.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- Control-surface writes occur only through explicit `vfkb init`, not on install or import.
- No source evidence of credential harvesting or exfiltration.
- The only package network endpoint found is opt-in version checking against npmjs; generated bundles' `new Function` is dependency validation code.
Source & flagged code
3 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/bundles/vfkb-mcp.mjsView on unpkg · L2945Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bundles.test.jsView on unpkg · L6