AI Security Review
scanned 1d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/bundle.js` launches `claude -p` with caller-provided prompts and project cwd.
- `dist/bundle.js` runs caller-supplied verification commands with `execSync`.
- `dist/bundle.js` can stash, clean, checkout, and apply patches in the requested Git workspace.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
- `.mcp.json` is a declarative first-party MCP launch config, not a config-writing installer.
- `dist/bundle.js` starts only when invoked as its bin/MCP server; no import-time execution.
- Network targets are the configured local proxy or DeepSeek Anthropic endpoint; no unrelated exfiltration host found.
- `DEEPSEEK_API_KEY` is passed to the Claude subprocess as its authentication token, with no source evidence of credential harvesting or separate upload.
Source & flagged code
3 flagged · loading sourceSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/bundle.jsView on unpkg · L21090Package source references a known benign dynamic code generation pattern.
dist/bundle.jsView on unpkg · L2941