AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/server.js` starts a browser-control HTTP/HTTPS service and exposes arbitrary page-context `/eval`.
- `dist/server.js` implements agent-side arbitrary URL fetching after an authenticated browser/agent request.
- `bin/mcp-setup.mjs` explicitly creates or modifies project `.mcp.json`; `--global` invokes `claude mcp add`.
- `bin/tosijs-dev.mjs` explicitly configures a `haltija` Claude Desktop MCP entry when passed `--setup-mcp`.
- `dist/hj.js` bidi/invisible Unicode literals are test/display data, not hidden control flow.
- `package.json` contains no `preinstall`, `install`, or `postinstall` lifecycle hook.
- No inspected executable source downloads and executes a remote payload; scanner's install finding maps to `npm root -g` discovery only.
- No credential harvesting or outbound exfiltration endpoint was found in inspected entrypoints.
- MCP configuration writes occur only behind explicit user CLI flags, not during installation or import.
Source & flagged code
9 flagged · loading sourceSource downloads or fetches remote code and executes it.
bin/tosijs-dev.mjsView on unpkg · L14Package source references child process execution.
bin/tosijs-dev.mjsView on unpkg · L14Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/tosijs-dev.mjsView on unpkg · L14Package source invokes a package manager install command at runtime.
bin/tosijs-dev.mjsView on unpkg · L5A single source file combines environment access, network access, and code or shell execution; review context before blocking.
apps/desktop/main.jsView on unpkg · L23A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L49Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.jsView on unpkg · L49Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/hj.jsView on unpkg · L558