AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli.js` registers an explicit `skills` command that installs and mirrors skills into global AI-agent skill directories, including `.codex/skills` and `.claude/skills`.
- `dist/cli.js` enables PostHog telemetry by default and sends runtime, hardware, CI, and sanitized agent-environment metadata to `https://us.i.posthog.com/batch/`.
- Normal non-JSON CLI use checks npm and can spawn a detached global package update unless disabled.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- Agent-directory writes are reached through the user-invoked `hyperframes skills` workflow, not package installation.
- Studio network calls use same-origin `/api/...` endpoints for its local preview/render application.
- No source evidence of credential harvesting, arbitrary remote payload execution, destructive deletion outside command functions, or covert AI-agent control mutation.
Source & flagged code
3 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/studio/index.jsView on unpkg · L207Package contains source files above the static scanner size ceiling.
dist/studio/assets/index-BiJK2Lfo.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.jsView on unpkg