AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked local MCP/CLI orchestrator that can intentionally launch configured worker CLIs and run a token-protected loopback console.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs an agent-hq CLI command, explicitly registers it with an MCP host, or that registered host starts it.
Impact
Expected agent-orchestration capabilities; no install-time mutation, secret exfiltration, remote payload retrieval, or stealth persistence was confirmed.
Mechanism
Local daemon, configured worker-process spawning, and explicitly confirmed host registration.
Rationale
Source inspection shows sensitive actions are package-aligned and activated through explicit CLI/MCP use; MCP-host configuration writes are interactive and scoped to this package's own entry. No concrete malicious behavior was found.
Evidence
package.jsondist/server.jsdist/server-main.jsdist/console-server.jsdist/register-cli.jsdist/daemon-protocol.jsdist/daemon-service.jsdist/runners/process.jsdist/secret-store.js
Network endpoints1
127.0.0.1
Decision evidence
public snapshotAI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- `dist/server.js` executes only after a user/MCP invocation and loads `server-main` after a runtime check.
- `dist/register-cli.js` requires interactive confirmation before modifying Claude, Codex, or Cursor MCP registration.
- `dist/console-server.js` listens only on `127.0.0.1` and uses a random token.
- No `fetch()` calls, eval/vm usage, native loading, or external HTTP endpoints were found in package JavaScript.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/console/fonts/archivo-variable-latin.woff2View file
•path = dist/console/fonts/archivo-variable-latin.woff2
kind = high_entropy_blob
sizeBytes = 34940
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
dist/console/fonts/archivo-variable-latin.woff2View on unpkgdist/daemon-service.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = agent-hq-mcp@0.10.2
matchedIdentity = npm:YWdlbnQtaHEtbWNw:0.10.2
similarity = 0.676
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/daemon-service.jsView on unpkgFindings
2 High3 Medium4 Low
HighShips High Entropy Blobdist/console/fonts/archivo-variable-latin.woff2
HighPrevious Version Dangerous Deltadist/daemon-service.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings