AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `scripts/postinstall.mjs` runs on install and sends telemetry by default.
- `scripts/install-telemetry.mjs` derives a persistent host ID and POSTs install events to PostHog.
- `bin/failproofai.mjs` exposes explicit `policies --install` commands.
- `src/hooks/integrations.ts` writes marked hook commands into agent settings, including `.codex/hooks.json`.
- `scripts/postinstall.mjs` only reads Claude settings and prints a repair warning; it does not mutate them.
- `scripts/preuninstall.mjs` removes only marked failproofai hook entries during uninstall.
- Agent-setting writes are behind explicit CLI policy-install commands, not install-time.
- No credential harvesting, remote payload loading, eval/vm use, or destructive behavior was confirmed.
Source & flagged code
15 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
.next/standalone/.next/server/chunks/_1z062h5._.jsView on unpkg · L1AWS access key ID in .next/standalone/.next/server/chunks/_1z062h5._.js
.next/standalone/.next/server/chunks/_1z062h5._.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/cli.mjsView on unpkg · L18Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.mjsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
pi-extension/index.tsView on unpkg · L8Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.next/standalone/docker-hook-sync/entrypoint.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.next/standalone/docker-hook-sync/entrypoint.shView on unpkgPackage ships high-entropy non-source blobs.
.next/standalone/public/audit/fonts/bitcount-prop-single.woff2View on unpkgAWS access key ID in .next/standalone/.next/server/chunks/ssr/_0ul5rf_._.js
.next/standalone/.next/server/chunks/ssr/_0ul5rf_._.jsView on unpkg · L1AWS access key ID in .next/standalone/.next/server/chunks/ssr/_11v0g3z._.js
.next/standalone/.next/server/chunks/ssr/_11v0g3z._.jsView on unpkg · L1