AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` exposes an explicit `doable setup` command that writes `.mcp.json` and `.cursor/mcp.json`.
- The written MCP configuration invokes `npx -y doable-mcp@latest`, creating a project AI-tool extension lifecycle.
- Successful deploy flows write managed blocks into `CLAUDE.md`, `AGENTS.md`, and `GEMINI.md`.
- The CLI reads provider tokens only in explicit server/backup commands and sends authenticated requests to its configured API.
- `dist/index.js` supports remote project shell/exec endpoints after user authentication.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook runs for consumers.
- The executable is a user-invoked `doable` CLI; import/install does not execute commands.
- No environment enumeration, shell-profile persistence, dynamic eval, or hidden payload loader was found.
- `spawn` usage is limited to opening URLs and explicit `doable upgrade --install` npm invocation.
- Deployment archives explicitly exclude `.env` and related files before upload.
- AI configuration mutations are confined to explicit setup/deploy commands and project-local files.
Source & flagged code
7 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L19A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L19A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L19Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L19Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L19