AI Security Review
scanned 3d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `package.json` runs `bin/postinstall.mjs` on install.
- `bin/postinstall.mjs` copies package workflows into `~/.hermit/.claude/workflow`.
- `bin/lib/aikey.mjs` explicitly supports writing claimed keys into `~/.claude/settings.json` and `~/.codex/*`.
- `bin/lib/aikey.mjs` can install a shell startup hook after its command flow.
- Postinstall only migrates and writes under package-owned `~/.hermit`; it does not alter global `~/.claude` or `~/.codex`.
- Installed workflow sources are audit-oriented and instruct read-only, non-destructive operation.
- No install-time network request, credential harvesting, shell execution, or remote-payload execution was found.
- Foreign agent-config writes are in the explicit `aikey` command path, not lifecycle code.
Source & flagged code
15 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/lib/navigationCommand.mjsView on unpkg · L133Package source references weak cryptographic algorithms.
bin/lib/teams.mjsView on unpkg · L70Source writes installer persistence such as shell profile or service configuration.
bin/lib/aikey.mjsView on unpkg · L116A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/lib/auth.mjsView on unpkg · L372Install-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/postinstall.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
bin/lib/update.mjsView on unpkg · L58Package ships high-entropy non-source blobs.
dist-renderer/icon.rarView on unpkgPackage ships compressed or archive-like blobs.
dist-renderer/icon.rarView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
dist-renderer/icon.rarView on unpkgPackage contains source files above the static scanner size ceiling.
dist-renderer/assets/index-Bo4xGbxH.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/hermit.mjsView on unpkg