AI Security Review
scanned 1h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/bin/iuri.js` exposes an AI-agent CLI that starts a local daemon.
- `dist/src/agent.js` can execute arbitrary shell commands through its `run` tool after confirmation.
- `src/usercommands.ts` supports user-authored `!`-backtick shell substitutions.
- `src/db.ts` can install a missing database driver during an invoked database operation.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook runs for consumers.
- Shell, file-write, delete, and mutating Git operations are gated by interactive confirmation in `src/agent.ts` and `bin/iuri.ts`.
- No source evidence of credential harvesting, covert exfiltration, remote payload loading, or hidden persistence.
- The reported invisible character in `src/usercommands.ts` is an intentional BOM matcher/remover, not concealed executable logic.
- Network code targets the configured AI/browser/local-provider workflow rather than a covert endpoint.
Source & flagged code
4 flagged · loading sourceSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/src/usercommands.jsView on unpkg · L26A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/src/usercommands.jsView on unpkgPackage ships non-JavaScript build or shell helper files.
src/edge_tts_server.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/agent.jsView on unpkg