AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/tools/ssh-exec.js` runs remote shell commands via SSH.
- `dist/ssh/cli.js` generates user SSH keys without a passphrase.
- `dist/tools/shell.js` exposes local shell execution to the coding agent.
- `package.json` declares no `preinstall`, `install`, or `postinstall` hook.
- `bin/codebase` only imports `dist/cli.js` after explicit CLI invocation.
- `dist/ssh/cli.js` requires explicit `ssh add` enrollment and persists only under `~/.codebase`.
- `dist/tools/ssh-exec.js` restricts destinations to enrolled host names and validates destructive commands.
- `dist/auth/credentials.js` stores OAuth credentials in `~/.codebase/credentials.json` with mode `0600`.
- No source read showed exfiltration, hidden payload loading, or foreign AI-agent configuration mutation.
Source & flagged code
9 flagged · loading sourcePackage contains a critical-looking secret pattern.
bench/run.test.mjsView on unpkg · L24GitHub personal access token in bench/run.test.mjs
bench/run.test.mjsView on unpkg · L24Source writes persistence or remote-access backdoor material.
dist/ssh/cli.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/ssh/cli.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
bench/scenarios/add-test/verify.shView on unpkgGitHub personal access token in bench/aggregate.test.mjs
bench/aggregate.test.mjsView on unpkg · L27GitHub personal access token in bench/scenarios/memory-secret-hygiene/verify.sh
bench/scenarios/memory-secret-hygiene/verify.shView on unpkg · L14GitHub personal access token in bench/scenarios/memory-secret-hygiene/prompt.txt
bench/scenarios/memory-secret-hygiene/prompt.txtView on unpkg · L1GitHub personal access token in bench/_self-test/fake-codebase-cli.mjs
bench/_self-test/fake-codebase-cli.mjsView on unpkg · L328