AI Security Review
scanned 6h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/ssh/cli.js` exposes agent-targetable SSH host enrollment and testing.
- `dist/ssh/cli.js` invokes `ssh` and can generate unencrypted private keys, but only through explicit `codebase ssh` commands.
- `dist/ssh/store.js` persists enrolled hosts in `~/.codebase/ssh.json`.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- `bin/codebase` only dynamically imports the CLI after explicit invocation.
- `dist/ssh/cli.js` validates host configuration and does not install keys remotely; it only prints a manual one-liner.
- `dist/auth/credentials.js` stores package OAuth credentials in `~/.codebase/credentials.json` with mode 0600.
- `dist/auth/cli.js` limits OAuth defaults to `https://codebase.design` endpoints.
Source & flagged code
9 flagged · loading sourcePackage contains a critical-looking secret pattern.
bench/run.test.mjsView on unpkg · L24GitHub personal access token in bench/run.test.mjs
bench/run.test.mjsView on unpkg · L24Source writes persistence or remote-access backdoor material.
dist/ssh/cli.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/ssh/cli.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
bench/scenarios/add-test/verify.shView on unpkgGitHub personal access token in bench/aggregate.test.mjs
bench/aggregate.test.mjsView on unpkg · L27GitHub personal access token in bench/scenarios/memory-secret-hygiene/verify.sh
bench/scenarios/memory-secret-hygiene/verify.shView on unpkg · L14GitHub personal access token in bench/scenarios/memory-secret-hygiene/prompt.txt
bench/scenarios/memory-secret-hygiene/prompt.txtView on unpkg · L1GitHub personal access token in bench/_self-test/fake-codebase-cli.mjs
bench/_self-test/fake-codebase-cli.mjsView on unpkg · L328