AI Security Review
scanned 1d ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- cli/lib/apply.mjs writes selected MCP entries to .mcp.json and Claude hooks/settings to .claude/settings.json.
- cli/lib/targets.mjs can write MCP config for Cursor, Gemini, opencode, Codex, and home-scoped OpenClaw when selected.
- plugins/loadout/catalog/mcp.json includes npx/uvx MCP server registrations and hosted MCP URLs.
- plugins/loadout/catalog/hooks.json contains Claude Code hook commands that run formatter/guard shell commands during agent tool events.
- package.json has no install/postinstall/prepare lifecycle; prepublishOnly is publisher-side npm test only.
- cli/index.js requires explicit CLI use; non-interactive apply requires --all/--yes or explicit apply/doctor --fix actions.
- doctor.mjs child_process use is limited to which/where PATH checks for hook dependencies.
- No credential harvesting, exfiltration, remote code download executed by package code, obfuscation, or destructive behavior found.
- Skill/reference entries are returned as manual install commands rather than auto-written by apply.mjs.
Source & flagged code
4 flagged
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/lib/doctor.mjs: Package source invokes a package manager install command at runtime.
cli/lib/doctor.mjs · L426