AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI setup can add Foreman callbacks to Claude Code and Cursor configuration, including user-level locations with `--global`. Hook callbacks collect agent event data and selected file/transcript content into a local Foreman journal. No unconsented install-time mutation or outbound exfiltration was confirmed.
Decision evidence
public snapshot- `dist/cli.js` exposes explicit `foreman init [--global]`, which installs agent hooks.
- `dist/hooks/claude-code.js` reads hook payloads and project files, then journals bounded content samples.
- `dist/hooks/cursor.js` writes Foreman hook commands to project or user `.cursor/hooks.json`.
- `dist/paths.js` stores collected events under `FOREMAN_HOME` or `~/.foreman`.
- `dist/server.js` can execute user-configured `notify_command` through a shell after the user starts the UI.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- All agent configuration changes are reached only through `foreman init` or `foreman uninstall`.
- Inspected source contains no outbound HTTP client, credential exfiltration path, remote payload download, eval, or VM execution.
- The built-in HTTP server binds to `127.0.0.1`; observed URLs are local-only.
- `dist/mcp/proxy.js` proxies an explicitly supplied local stdio command and records signed hashes/receipts.
Source & flagged code
2 flagged · loading sourcePackage text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg