AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` launches Claude with `--dangerously-skip-permissions` for labeled GitHub issues.
- `dist/index.js` polls GitHub and turns issue numbers into Claude task prompts.
- Explicit `install` adds and installs a Claude Code marketplace plugin.
- `usage` reads Claude credentials and sends them only to Anthropic's usage API.
- `package.json` has only `prepublishOnly`; installation does not execute package code.
- No obfuscated payload, dynamic code evaluation, or hidden downloader was found.
- Credential-derived token is used as Bearer auth only for Anthropic usage retrieval.
- Slack requests use the user-provided webhook environment variable.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1383Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L1395