AI Security Review
scanned 4h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/agents/orchestrator.js` executes planner-produced task types without a confirmation gate.
- `dist/agents/agents/runner.js` executes commands parsed from tasks or generated by the LLM via `execSync`.
- `dist/agents/agents/package-agent.js` can alter a project `package.json` and run `npm publish` when a package task requests publishing.
- `dist/agents/agents/tester.js` installs dependencies and runs a selected test command in a copied sandbox.
- `dist/agents/agents/github-release-agent.js` can send a bearer token to `api.github.com` to create releases.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `dist/index.js` only starts the CLI after user invocation; importing it exposes exports but also runs CLI parsing only as its executable entrypoint.
- No source evidence of credential harvesting, unrelated endpoint exfiltration, hidden payload download, or destructive install-time behavior.
- `dist/plugins/agent-plugin.js` uses the package-owned `~/.buff` directory rather than mutating foreign AI-agent configuration.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
dist/agents/agents/git-agent.jsView on unpkg · L17Package source references dynamic require/import behavior.
dist/plugins/agent-plugin.jsView on unpkg · L47Package source references weak cryptographic algorithms.
dist/memory/embedder.jsView on unpkg · L111Source mutates package metadata and republishes itself to npm.
dist/agents/agents/package-agent.jsView on unpkg · L16A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/agents/agents/package-agent.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/agents/agents/tester.jsView on unpkg · L198This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/agents/agents/github-release-agent.jsView on unpkg