AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The explicit integration command registers Dictum hooks, MCP servers, skills, and optional project rules in AI coding hosts. No install-time or stealth activation is present.
Static reason
No blocking static signals were detected.
Trigger
User runs `dictum integrate <host>` or `dictum codex setup`.
Impact
A user-approved setup can cause future agent prompts to invoke Dictum's prompt-review workflow.
Mechanism
Explicit AI-agent configuration and hook registration.
Rationale
The package has a real, explicit AI-agent control-surface setup capability but no unconsented install-time activation or concrete malicious behavior. Per policy, this warrants a warning rather than a block.
Evidence
package.jsonbin/dictum.jssrc/cli.tssrc/hosts/codex.tssrc/hosts/shared.tssrc/polisher/openai_compat.tssrc/hosts/claude.tssrc/hosts/cursor.tssrc/hosts/devin.ts
Network endpoints3
api.openai.comapi.anthropic.com127.0.0.1:5500
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- Explicit `dictum integrate` mutates Codex, Claude, Cursor, and Devin host configuration.
- Codex setup installs a managed skill and `UserPromptSubmit` hook invoking `dictum prompt-hook`.
- Shared installer atomically merges JSON/MCP configuration and writes managed rule files.
- Hook guidance can direct connected agents to Dictum MCP tools before task execution.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- `bin/dictum.js` only dispatches the CLI; integration is not import-time behavior.
- Network calls target configured STT/LLM endpoints, including OpenAI- and Anthropic-compatible APIs.
- No credential harvesting, arbitrary remote payload loading, eval, or destructive filesystem behavior found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
6 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings