AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/cli/init-agent.ts writes AGENTS.md, skills/agentic-mermaid-diagram-workflow/SKILL.md, and .mcp.json into a chosen repo dir.
- src/cli/index.ts exposes this only as explicit `am init-agent [--dir] [--force]`, not install/import-time behavior.
- Generated .mcp.json config registers `npx -y --package agentic-mermaid agentic-mermaid-mcp` for agents.
- package.json has no preinstall/install/postinstall; only prepublishOnly build runs for publisher workflow.
- src/cli/am-bin.ts only dispatches CLI args; src/mcp/mcp-bin.ts only starts the MCP CLI when invoked.
- src/mcp/sandbox.ts disables eval/Function/process/require/fetch and uses node:vm timeout/codeGeneration guards for user-supplied Code Mode.
- src/mcp/server.ts HTTP transport defaults to 127.0.0.1 and requires auth-token for non-loopback bind.
- src/cli/index.ts child_process spawnSync is limited to user-requested preview open command.
- No credential harvesting or outbound exfiltration path found in inspected entrypoints.
Source & flagged code
6 flagged · loading sourceSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/am.jsView on unpkg · L6920Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/am.jsView on unpkg · L6Package source references a known benign dynamic code generation pattern.
src/mcp/facade.tsView on unpkg · L548Package source executes code through a VM context API.
src/mcp/sandbox.tsView on unpkg · L131A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/agent.jsView on unpkg