AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/agent-init-FKSVVGGI.js` writes mandatory audit instructions into `AGENTS.md`, Cursor, Copilot, and Claude configuration paths.
- `dist/auditx.js` exposes this behavior through the explicit `auditx init-agent` command.
- `dist/hook-XMKHTGQD.js` can install/chains Git hooks, but only through explicit `auditx hook install` actions.
- `dist/chunk-KATHSH24.js` downloads and executes external scanner binaries during user-invoked scans without shown integrity verification.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- Entrypoints only dispatch side-effect modules for explicit CLI subcommands.
- No source path combines credential/environment harvesting with outbound exfiltration.
- AI API use in `dist/scan-HOZXHVYW.js` is gated by the `--ai` option.
- The `eval`-related scanner finding is detection-rule text in `dist/chunk-ZXG3XUVT.js`, not executed payload code.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-ZXG3XUVT.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/chunk-ZXG3XUVT.jsView on unpkg · L1970Package source references weak cryptographic algorithms.
dist/scan-HOZXHVYW.jsView on unpkg · L131