AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. A user-started local Hub can install approved AI agent CLIs and configure FRAIM MCP/discovery artifacts in their user-level agent directories. It also enables Claude Code OTLP telemetry to a local receiver. No install-time or import-time attack surface was confirmed.
Decision evidence
public snapshot- `dist/src/ai-hub/server.js` exposes explicit `/api/ai-hub/install-agent`, which runs `npm install -g` for selected AI CLIs.
- `dist/src/ai-hub/server.js` invokes `runAddIDE` after installation, enabling FRAIM MCP configuration in agent environments.
- `dist/src/cli/setup/ide-global-integration.js` creates FRAIM artifacts under existing `~/.claude`, `~/.codex`, and other IDE directories.
- `dist/src/cli/setup/claude-code-telemetry.js` modifies `~/.claude/settings.json` to enable OTLP telemetry to localhost.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle scripts.
- `bin/fraim-hub.js` only starts the CLI when the user invokes `fraim-hub`.
- Agent installation uses a fixed allowlist: Claude Code, Codex, Gemini CLI, and GitHub Copilot CLI in `dist/src/first-run/types.js`.
- No `eval`, VM execution, encoded payload decoding, native binaries, credential-file harvesting, or non-package-aligned exfiltration was found.
- `dist/src/ai-hub/server.js` binds Hub HTTP/HTTPS listeners to `127.0.0.1` only.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
dist/src/core/utils/git-utils.jsView on unpkg · L9Package source references dynamic require/import behavior.
bin/fraim-hub.jsView on unpkg · L3Source writes installer persistence such as shell profile or service configuration.
dist/src/ai-hub/word-sideload.jsView on unpkg · L21A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/ai-hub/managed-browser.jsView on unpkg · L27Package source invokes a package manager install command at runtime.
dist/src/ai-hub/server.jsView on unpkg · L3078This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/ai-hub/cli.jsView on unpkg