AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` installer writes `.claude/hooks/*` and `.claude/settings.json`.
- `dist/index.js` installs `.mcp.json` entries and Claude command/agent artifacts.
- Hook scripts run on later Claude events and POST status only to localhost.
- These mutations occur through explicit CLI/init or install flows, not npm lifecycle hooks.
- `package.json` has only `prepublishOnly`; no preinstall/install/postinstall hook.
- No hard-coded external network endpoint found in distributed entrypoints.
- `process.env` secrets are only used by optional, enabled Langfuse observability.
- Dynamic import loads optional `langfuse`; child processes start/open the local dashboard.
Source & flagged code
7 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L42A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L42A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L6920Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L42Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L4584