AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli.mjs` implements explicit `add`/`skills add` installation commands.
- `dist/cli.mjs` maps many AI-agent skill directories, including global home-directory locations.
- Install code downloads/clones selected remote skill sources and writes or symlinks their files into agent skill directories.
- `dist/cli.mjs` can launch a selected local AI-agent CLI only through the explicit `skills use` command.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook; `prepublishOnly` only builds before publishing.
- `bin/bfi.mjs` only enables Node compile cache and imports the CLI.
- The entrypoint dispatches actions from user-provided command arguments; no default install or agent mutation occurs with no command.
- Network access is used for the documented SkillHub/GitHub skill-management workflow.
- No credential harvesting, hidden exfiltration, eval/Function use, or destructive behavior was found.
Source & flagged code
3 flagged · loading sourcePackage source references child process execution.
dist/_chunks/libs/simple-git.mjsView on unpkg · L6A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.mjsView on unpkg · L17Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli.mjsView on unpkg · L17