AI Security Review
scanned 1h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `aiden mcp init <client>` can add an Aiden MCP server entry to Claude Desktop, Cursor, or VS Code configs.
- The MCP installer backs up then atomically writes external client configuration and runs a health-check subprocess.
- The explicit command normally displays the target path and asks for confirmation before writing.
- `postinstall` only creates package-local workspace/log directories and copies bundled templates.
- No install hook writes foreign AI-agent configuration, launches network activity, or executes remote payloads.
- `tirithScanner.js` Unicode controls are intentional regex literals for detecting Trojan Source text.
- `openUrl` validates http(s) URLs and uses argument-based spawning with `shell:false`.
Source & flagged code
15 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/tools/v4/web/openUrl.jsView on unpkg · L33Package source references shell execution.
dist/core/v4/util/spawnCommand.js#virtual:normalized:round1View on unpkg · L18Package source references a known benign dynamic code generation pattern.
dist/core/recipeEngine.jsView on unpkg · L91Package source references dynamic require/import behavior.
dist/tools/eonetTool.jsView on unpkg · L7Package source executes code through a VM context API.
dist/core/runSandbox.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/core/memoryStrategy.jsView on unpkg · L65Source writes installer persistence such as shell profile or service configuration.
dist/core/toolRegistry.jsView on unpkg · L61A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/v4/commands/daemon.jsView on unpkg · L499Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
plugins/aiden-plugin-cdp-browser/lib/chromeLauncher.jsView on unpkg · L14Source reaches cloud instance metadata or link-local credential endpoints.
dist/moat/ssrfProtection.jsView on unpkg · L10Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/moat/tirithScanner.jsView on unpkg · L37Package ships non-JavaScript build or shell helper files.
scripts/uninstall.ps1View on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/core/v4/workbench/bridgeServer.jsView on unpkg