AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` launches Claude with `--dangerously-skip-permissions` for GitHub issue/PR-triggered tasks.
- `dist/index.js` polls GitHub via `gh`, creates worktrees, and runs agent actions against the current repository.
- `dist/index.js` reads Claude OAuth credentials and sends them only to Anthropic's usage endpoint.
- `dist/index.js` can forward up to 1,000 characters of agent output to an optional Slack webhook.
- Explicit `install`/`update` commands add and update a Claude plugin marketplace.
- `package.json` has only `prepublishOnly`; installation does not execute package code.
- CLI dispatch in `dist/index.js` requires an explicit command; agent and plugin setup are user-invoked.
- No hidden payload, eval/vm execution, obfuscated strings, or non-package-aligned exfiltration endpoint was found.
- Credential use is limited to an authenticated usage request to `api.anthropic.com`; the token is not included in Slack payloads.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1409Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L1421