AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/mcpServerInstall.js` explicitly writes MCP client config entries for Claude, Cursor, VS Code, and others.
- The explicit `mcpServerInstall` command registers `mcp-server/build/index.js` as a stdio server.
- `mcp-server/src/executor.ts` spawns this CLI in the selected project context.
- `scripts/install-agent-instructions.js` is a user-invoked installer for agent instruction files.
- `scripts/postinstall.js` only skips CI or prints a global dependency notice, then exits.
- No lifecycle script invokes the MCP installer or writes AI-client configuration.
- `bin/vscode.js` installs the bundled VSIX only on explicit `hana-cli vscode install`.
- The VSIX manifest declares a SAP HANA workspace extension; archive entropy is consistent with a packaged VSIX.
- `mcp-server/build/prompts.js` contains credential examples, not embedded secrets.
- No source evidence of credential exfiltration, remote payload download, or stealth persistence.
Source & flagged code
19 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
mcp-server/build/prompts.jsView on unpkg · L313RSA private key in mcp-server/build/prompts.js
mcp-server/build/prompts.jsView on unpkg · L313This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/vscode.jsView on unpkgPackage source references dynamic require/import behavior.
bin/index.jsView on unpkg · L42Package source invokes a package manager install command at runtime.
bin/createModule.jsView on unpkg · L56Package ships non-JavaScript build or shell helper files.
scripts/install-btp.shView on unpkgPackage ships high-entropy non-source blobs.
vscode-extension/hana-cli-0.1.8.vsixView on unpkgPackage ships compressed or archive-like blobs.
vscode-extension/hana-cli-0.1.8.vsixView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
vscode-extension/hana-cli-0.1.8.vsixView on unpkgRSA private key in mcp-server/src/prompts.ts
mcp-server/src/prompts.tsView on unpkg · L340Hardcoded password in docs/01-getting-started/configuration.md
docs/01-getting-started/configuration.mdView on unpkg · L241Hardcoded password in docs/troubleshooting/index.md
docs/troubleshooting/index.mdView on unpkg · L1134Hardcoded password in docs/03-features/mcp/implementation-guide.md
docs/03-features/mcp/implementation-guide.mdView on unpkg · L329Hardcoded password in docs/03-features/mcp/implementation-complete.md
docs/03-features/mcp/implementation-complete.mdView on unpkg · L231Hardcoded password in .github/agents/e2e-test-agent/e2e-test-agent.agent.md
.github/agents/e2e-test-agent/e2e-test-agent.agent.mdView on unpkg · L144