AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/installer.js` explicit `install` writes hooks and global rules for Codex, Gemini, Cursor, Windsurf, Copilot, Cline, and Aider.
- `dist/installer.js` registers an MCP server through `npx -y @zeph-to/mcp-server` and invokes Claude/Gemini CLIs during user setup.
- `dist/templates.js` installs hook commands that fall back to `npx -y @zeph-to/cli`.
- `dist/zeph-core.generated.js` supplies persistent agent-behavior rules including remote-origin handling and mandatory Zeph prompts.
- `dist/listener.js` runs a persistent tmux/WebSocket listener and downloads attachments under `~/.zeph/attachments`.
- `package.json` has only `prepublishOnly`; no preinstall/install/postinstall hook executes for consumers.
- `dist/cli.js` dispatches installation and listener behavior only after explicit CLI subcommands.
- `dist/config.js` stores Zeph configuration in `~/.zeph/config.json` with mode `0600`.
- Observed network use targets package-aligned Zeph API endpoints and the npm registry; no unrelated exfiltration endpoint was found.
- No source evidence of credential harvesting beyond configured `ZEPH_API_KEY`, destructive commands, eval/vm execution, or stealth install-time persistence.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/zeph-hook.jsView on unpkg · L5This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/installer.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/installer.jsView on unpkg · L185