AI Security Review
scanned 7h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- bin/clew.cjs auto-installs Bun via curl|bash or PowerShell when the user runs clew without Bun.
- dist/main.js exposes AI-agent capabilities: MCP server management, plugin marketplaces, hooks, remote control, and permission bypass modes.
- dist/main.js can read Claude Desktop MCP config via the user-invoked add-from-claude-desktop command.
- dist/main.js writes package-owned user config/state under ~/.clew, including plugins/keybindings/session state.
- package.json has no install/postinstall/preinstall lifecycle hook; prepublishOnly is publish-time only.
- bin/claudevil.cjs and bin/clew.cjs launch packaged dist/main.js rather than fetching arbitrary package code.
- scripts/install.sh and scripts/install.ps1 are explicit installer scripts, not npm lifecycle scripts.
- No source evidence of credential harvesting, destructive behavior, persistence hooks, or unconsented writes to foreign AI-agent control surfaces at install time.
Source & flagged code
7 flagged
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (bin/claudevil.cjs, L1)
- Source downloads or fetches remote code and executes it. (bin/clew.cjs, L1)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (bin/clew.cjs, L1)
- Package ships non-JavaScript build or shell helper files. (scripts/install.sh)
- Package contains source files above the static scanner size ceiling. (dist/main.js)