AI Security Review
scanned 8h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/src/cli/commands/add-ide.js` writes IDE MCP configuration and invokes Claude telemetry setup.
- `dist/src/cli/setup/claude-code-telemetry.js` modifies `~/.claude/settings.json` for all Claude Code sessions.
- `dist/src/cli/mcp/fraim-mcp-latest-launcher.js` writes a launcher that resolves latest `fraim` and executes it through `npx`.
- `dist/src/cli/mcp/mcp-server-registry.js` places that launcher plus `FRAIM_API_KEY` into the FRAIM MCP configuration.
- `dist/src/ai-hub/server.js` exposes a user-invoked install route that globally installs selected agent CLIs and then configures FRAIM for them.
- `package.json` contains no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `bin/fraim-hub.js` only starts the Hub after an explicit CLI invocation.
- The Hub binds its HTTP and optional HTTPS listeners to `127.0.0.1`.
- No inspected source showed credential harvesting, covert exfiltration, destructive behavior, or import-time payload execution.
- The Unicode finding in `dist/src/config/learning-domains.js` is a leading BOM, not a deceptive bidi control sequence.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/src/core/utils/git-utils.jsView on unpkg · L9Package source references dynamic require/import behavior.
bin/fraim-hub.jsView on unpkg · L3Source writes installer persistence such as shell profile or service configuration.
dist/src/ai-hub/word-sideload.jsView on unpkg · L21A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/ai-hub/managed-browser.jsView on unpkg · L27Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/src/config/learning-domains.jsView on unpkg · L191A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/src/config/learning-domains.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/ai-hub/server.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/src/ai-hub/server.jsView on unpkg · L3110