AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/installer.js writes hooks and global rules for multiple AI agents after `zeph install`.
- dist/templates.js hooks invoke `npx -y @zeph-to/cli` at agent lifecycle events.
- dist/listener.js receives authenticated WebSocket pushes and injects `agent.command` text into tmux AI-agent panes.
- dist/remote-hook.js adds persistent remote-mode instructions when injected text matches a marker.
- dist/agent-rules-fetch.js periodically fetches and caches remote detection-rule data.
- package.json has no preinstall/install/postinstall hook; `prepublishOnly` only builds before publishing.
- Installer behavior is reached only through explicit `zeph install`/`setup` dispatch in dist/cli.js.
- Listener rejects shell panes, checks tmux session state, and rate-limits injections.
- No credential harvesting or exfiltration path was found; API key is used for Zeph service requests and stored mode 0600.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/zeph-hook.jsView on unpkg · L5This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/installer.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/installer.jsView on unpkg · L181