AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli.mjs` implements `add`/`install` commands that install skills into AI-agent directories.
- `installSkillForAgent` copies or symlinks user-selected skill content into `.agents/skills` or agent-specific skill paths.
- CLI startup can fetch `/api/v1/public/agents` and merge remote agent path definitions when a token is configured.
- `dist/cli.mjs` invokes Git/`gh` only for user-requested Git skill sources.
- `package.json` has no `preinstall`, `install`, or `postinstall`; only publisher-side `prepublishOnly`.
- `bin/bfi.mjs` only enables Node compile cache and imports the CLI.
- All agent-surface writes are reached through explicit CLI commands; no import-time or install-time mutation was found.
- No credential harvesting, covert exfiltration, destructive broad filesystem action, or remote code execution chain was found.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/_chunks/libs/simple-git.mjsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.mjsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.mjsView on unpkg · L17Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.mjsView on unpkg · L17