AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/index.js: guard command writes ~/.claude/settings.json PreToolUse hook to run ~/.leash/gate.mjs.
- dist/index.js: connect command writes ~/.claude/settings.json SessionEnd hook for getleash push.
- dist/index.js: push/connect can POST metrics snapshots to https://getleash.vercel.app/api/ingest.
- dist/index.js: scans Claude transcripts, launchd, cron, systemd, local repos, and cloud platform status.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Agent settings mutations are behind explicit CLI commands: guard/connect/connect --off, not install-time or import-time.
- README documents dashboard, guard hooks, cloud push, platform token handling, and offline mode.
- Provider tokens are sent to their own platform APIs; buildSnapshot strips prompts, transcript content, and file paths.
- No remote payload download/eval, destructive action, credential exfiltration to package cloud, or stealth persistence found.
Source & flagged code
5 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L43Source executes local commands and sends command output to an external endpoint.
dist/index.jsView on unpkg · L43A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L43Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L43