AI Security Review
scanned 20h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/installer.js` explicit `zeph install` writes hooks and managed rules for multiple AI-agent homes.
- `dist/installer.js` adds `@zeph-to/mcp-server` through `npx` to Cursor/Windsurf/Gemini MCP config.
- `dist/listener.js` accepts `agent.command` pushes and injects text/keys into named tmux agent sessions.
- `dist/listener.js` downloads server-provided attachments to `~/.zeph/attachments` before injecting their paths.
- `dist/zeph-core.generated.js` instructs installed agents to treat Zeph phone replies as direct user instructions.
- `package.json` has only `prepublishOnly`; no preinstall/install/postinstall hook executes on consumer install.
- `dist/cli.js` dispatches setup only for explicit `install`/`setup` commands.
- `dist/installer.js` presents an interactive agent picker before running installers.
- Network use is package-aligned: Zeph API, WebSocket listener, login, and npm update check.
- No source evidence of credential harvesting, unrelated exfiltration, eval/vm, or hidden payload execution.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/zeph-hook.jsView on unpkg · L5Package source invokes a package manager install command at runtime.
dist/installer.jsView on unpkg · L163This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/listener.jsView on unpkg