AI Security Review
scanned 1h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli.mjs` installs skill content into detected AI-agent skill directories after user CLI commands.
- `dist/_chunks/agents.mjs` fetches registry-supplied agent directory metadata and caches it at `~/.bfi/agents-cache.json`.
- `dist/cli.mjs` maps Codex and other agent global skill directories, including `~/.codex/skills`.
- Remote downloads and registry calls are available through the CLI's configured SkillHub API.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `bin/bfi.mjs` only enables Node's compile cache then imports the CLI.
- Agent-directory writes occur in explicit skill add/install/update flows, not on npm installation or import.
- No credential-file harvesting, covert exfiltration, eval, or remote code execution chain was confirmed.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/_chunks/libs/simple-git.mjsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.mjsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.mjsView on unpkg · L17Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.mjsView on unpkg · L17