AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/store/materializers/host-file-materializer.js` writes workspace hook configs that invoke ACE dispatcher on agent lifecycle events.
- `dist/runtime-command.js` executes configured commands via `sh -c`; unattended execution requires a workspace profile.
- `dist/tui/openai-compatible.js` sends chat requests using configured provider URLs and environment API keys.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook runs for consumers.
- `dist/cli.js` runs bootstrap/configuration only for explicit CLI commands and guards import side effects.
- Default `assets/agent-state/ACE_WORKFLOW.md` is interactive with `executor.command: null`.
- `assets/scripts/ace-hook-dispatch.mjs` reads workspace state and emits hook responses; no network or subprocess execution found.
- Provider endpoints are named AI services or local runtimes, with no hidden third-party exfiltration endpoint.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/tui/openai-compatible.jsView on unpkg · L569Package source references dynamic require/import behavior.
dist/tui/openai-compatible.jsView on unpkg · L583Source writes installer persistence such as shell profile or service configuration.
dist/helpers/bootstrap.jsView on unpkg · L77Package ships non-JavaScript build or shell helper files.
scripts/hermes_bridge_worker.pyView on unpkg