AI Security Review
scanned 4d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/agent-init-LLOLZMAP.js explicit init-agent writes AGENTS.md, .cursor/rules/auditx.mdc, .github/copilot-instructions.md, and .claude/skills/auditx/SKILL.md
- dist/agent-init-LLOLZMAP.js Cursor rule uses alwaysApply and instructs agents to run npx auditx before finishing work
- dist/hook-XMKHTGQD.js explicit hook install writes executable git hooks and chains into existing hooks
- dist/auditx.js install command downloads scanners and runs npm install -g plus pip install
- dist/auditx.js --fix runs npx eslint --fix and npx knip --fix --allow-remove-files
- package.json has no preinstall/install/postinstall lifecycle scripts
- No import-time execution beyond CLI/MCP setup observed
- AI agent and git hook mutations require explicit auditx init-agent or auditx hook commands
- Network/download URLs are aligned with scanner installation or AI provider use
- No credential harvesting, stealth persistence, exfiltration, obfuscation, or remote payload loader found
- MCP server exposes audit_codebase only and sets fix:false/ai:false
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/chunk-SI34ZE3Z.jsView on unpkg · L3Package source references weak cryptographic algorithms.
dist/chunk-SI34ZE3Z.jsView on unpkg · L3This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/auditx.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/auditx.jsView on unpkg · L915