AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/agent-init-LLOLZMAP.js explicit init-agent writes AGENTS.md, .cursor/rules/auditx.mdc, .cursorrules, copilot instructions, and .claude skill
- dist/hook-XMKHTGQD.js explicit hook install modifies .git/hooks or .husky hooks to run auditx
- dist/chunk-KATHSH24.js downloads scanner binaries from GitHub on first run into ~/.auditx/bin
- dist/scan-UXMQK6V3.js --ai can send scan summaries to configured Gemini/OpenAI/Anthropic SDKs
- package.json has no preinstall/install/postinstall lifecycle scripts
- dist/auditx.js only dispatches commands after CLI invocation; no import-time scan or agent mutation observed
- Agent config content is package-aligned audit instructions, not credential capture or control hijack
- Network activity is scanner download or user-enabled AI analysis, with no hardcoded exfiltration endpoint
- Child process usage runs security tools/scanners and git commands aligned with advertised CLI behavior
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-3FBHKNVS.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/chunk-3FBHKNVS.jsView on unpkg · L1791Package source references weak cryptographic algorithms.
dist/chunk-3FBHKNVS.jsView on unpkg · L8