AI Security Review
scanned 5d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- User-invoked `artor skill sync` downloads skill tarballs from Artor API and writes `.claude/skills/org/<name>/` plus an `AGENTS.md` managed block in `dist/index.js`.
- User-invoked `artor install` can run `claude plugin marketplace add artorapp/skill`, `claude plugin install artor@artor`, or `npx -y skills@latest add https://github.com/artorapp/skill/tree/main/artor`.
- `registry add` and `skill add` can send user-supplied/env credentials to package-aligned Artor API endpoints.
- `maybeOfferGlobalInstall` may prompt interactive npx/local users to run `npm install -g artor-cli@latest`.
- `package.json` has no install/postinstall lifecycle hook; `prepack` is publish-time only.
- `dist/index.js` command dispatch requires explicit CLI subcommands; agent/plugin writes are not install-time behavior.
- Verbose API logging redacts authorization, token, password, secret, credential, cookie, and token-like values.
- Publish packaging excludes `.env*`, `.npmrc`, `.ssh`, `.claude`, `.artor`, cloud credential names, private keys, and escaping symlinks.
- Child process helper validates binary and argument characters before spawning.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L36A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L36Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L659