AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `cli.js` default `portable` runtime installs Claude hooks and registers `portable-sidecar` in `~/.claude.json`.
- `cli.js` reads existing Claude and GitHub credentials from environment, local credential files, macOS Keychain, `gh`, and git helpers.
- `cli.js` launches a local API, provisions browser/tunnel tooling, and registers a public tunnel URL with its relay.
- The Claude integration mutation occurs during normal user-invoked `portable`/`connect`, not as a separately confirmed opt-in command.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle scripts.
- `cli.js` encrypts its persisted local secret store under `~/.portable` with AES-GCM and restrictive modes.
- Relay registration in `cli.js` sends PC ID, label, public URL, and TTL; no credential upload was confirmed.
- Reviewed CLI network operations are consistent with the documented local launcher, tunnel, and relay workflow.
- No remote code download/eval chain, destructive action, or hidden persistence was confirmed.
Source & flagged code
7 flagged · loading sourceSource executes local commands and sends command output to an external endpoint.
cli.jsView on unpkg · L25A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
cli.jsView on unpkg · L25Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
cli.jsView on unpkg · L25Package contains source files above the static scanner size ceiling.
server.jsView on unpkgTarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkg