AI Security Review
scanned 14m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Starting the standalone server automatically mutates several AI-agent configuration surfaces and installs Claude command hooks. The configured telemetry exporter is local, and the server persists collected agent telemetry under `~/.agentlens`; no outbound exfiltration was confirmed.
Decision evidence
public snapshot- `standalone/server.js` invokes auto-configuration when the server starts.
- It writes Claude telemetry and hook settings, Codex `config.toml`, and VS Code Copilot settings.
- Claude hooks register `agentlenspro hook` and `agentlenspro gate`; setup also removes matching Spyglass hooks.
- Telemetry enables prompt, tool-content, assistant-response, and raw-body collection into `~/.agentlens`.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- Observed telemetry endpoints are loopback `http://localhost:<port>`.
- No source-backed external credential-exfiltration endpoint was found.
- `safe_config_edit.py` constrains edits, backs up files, and verifies declared changes.
Source & flagged code
8 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
standalone/server.jsView on unpkg · L154A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
standalone/server.jsView on unpkg · L154Package source references child process execution.
standalone/server.jsView on unpkg · L9250A single source file combines environment access, network access, and code or shell execution; review context before blocking.
standalone/server.jsView on unpkg · L36119Package source references a known benign dynamic code generation pattern.
standalone/server.jsView on unpkg · L3071This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
standalone/cli.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
standalone/cli.jsView on unpkg · L45Package ships non-JavaScript build or shell helper files.
scripts/safe_config_edit.pyView on unpkg