AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Starting the standalone server automatically modifies global AI-agent telemetry configuration by default. It redirects detailed agent telemetry to a local AgentLens collector and installs a Claude hook.
Decision evidence
public snapshot- `standalone/server.js` calls `applyAutoConfig()` during server startup.
- Default startup writes telemetry settings for Claude, Codex, and Copilot.
- It installs a Claude Stop hook and enables prompt/tool-content telemetry to localhost.
- `scripts/agentlens-cli.js` can install Claude hooks and copy a skill into `~/.claude/skills`.
- No npm install/preinstall/postinstall lifecycle hook exists.
- All confirmed telemetry endpoints are localhost (`127.0.0.1`, ports 4318/3000/4316).
- No outbound HTTP request or external exfiltration endpoint was confirmed.
- Child-process use starts the local server or opens the local dashboard.
- `eval`/`Function` matches are bundled dependency validation code, not a package payload.
Source & flagged code
7 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
standalone/server.jsView on unpkg · L154Package source references child process execution.
standalone/server.jsView on unpkg · L9250A single source file combines environment access, network access, and code or shell execution; review context before blocking.
standalone/server.jsView on unpkg · L35927A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
standalone/cli.jsView on unpkg · L39Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
scripts/agentlens-supervise.jsView on unpkg · L5Package ships non-JavaScript build or shell helper files.
scripts/configure-codex.ps1View on unpkg