AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `core/sdd-agent-sync.js` reads up to ten recent files in `~/.claude/debug` and parses a `friday-auto-flow` MCP HTTP transport, including its headers, when no explicit transport or `FLOWMIND_AUTO_FLOW_MCP_URL` is supplied.
- `core/mcp-http-client.js` sends caller-provided tool names and arguments to the discovered/configured transport URL with the discovered headers.
- `bin/flowmind.js` includes user-invoked shell execution: it runs `npm view` / `npm install` for the explicit `update` command, runs `gh gist create` for the explicit `--gist` export option, and opens an editor selected by `EDITOR` or `VISUAL`.
- `mcp/server.js` exposes FlowMind skills through a stdio MCP server, allowing a connected AI-agent client to trigger package-defined workflows.
- `package.json` contains no `preinstall`, `install`, or `postinstall` lifecycle script, so the package does not activate these behaviors during ordinary npm installation.
- No inspected file writes `.mcp.json`, `CLAUDE.md`, `.claude/commands`, Codex/Cursor settings, shell startup files, VCS hooks, or OS persistence locations.
- The `.claude` access in `core/sdd-agent-sync.js` is a runtime read of debug logs, not a write or registration into Claude's control surface.
- No `eval`, `Function`, `vm`, encoded-payload decoder, remote JavaScript loader, or detached-process execution was found in the inspected JavaScript source.
- The dynamic `require` sites load local skill/config files from package-controlled paths; the network clients target configured AI/MCP endpoints rather than fetching executable code.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version.
bin/flowmind.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/flowmind.jsView on unpkg · L1859Package source references dynamic require/import behavior.
core/honor-engine.jsView on unpkg · L5Package ships non-JavaScript build or shell helper files.
demo/common.shView on unpkg