AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `jig adopt claude` (or another explicit `jig adopt <runtime>` command).
Impact
Can alter local AI-agent instructions and Claude SessionStart behavior for the selected home directory.
Mechanism
User-invoked transactional agent-policy and Claude hook reconfiguration.
Rationale
Source inspection found no malicious install-time behavior, remote payload loading, credential theft, or exfiltration. Its explicit agent-control mutation is a real capability that warrants a warning under the stated policy.
Evidence
package.jsondist/main.jsdist/commands/adopt.jsdist/adapters/index.jsdist/hooks/session-context.jsdist/commands/uninstall.js.claude/settings.json.claude/CLAUDE.md.codex/AGENTS.md.gemini/GEMINI.md.pi/agent/AGENTS.md.jig/hooks/session-context.sh
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/commands/adopt.js` explicitly rewrites `.claude/settings.json` during `jig adopt claude`.
- The same command installs executable `.jig/hooks/session-context.sh` and repoints Claude SessionStart to it.
- `dist/adapters/index.js` targets agent policy files including `.codex/AGENTS.md` and `.claude/CLAUDE.md`.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- `dist/main.js` dispatches mutations only through explicit CLI commands.
- `dist/hooks/session-context.js` only prints nearby instruction filenames and a read-before-edit notice.
- No network client, credential harvesting, or outbound endpoint was found in packaged runtime source.
- The hook and policy writes are transaction-scoped under the selected `--home` and have rollback/uninstall paths.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystem
HighEntropyStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/commands/adopt.jsView file
•Published source reference
Medium
Ai Review Evidence
`dist/commands/adopt.js` explicitly rewrites `.claude/settings.json` during `jig adopt claude`.
dist/commands/adopt.jsView on unpkgdist/adapters/index.jsView file
•Published source reference
Medium
Ai Review Evidence
`dist/adapters/index.js` targets agent policy files including `.codex/AGENTS.md` and `.claude/CLAUDE.md`.
dist/adapters/index.jsView on unpkgFindings
4 Medium4 Low
MediumEnvironment Vars
MediumAi Review Evidencedist/commands/adopt.js
MediumAi Review Evidence
MediumAi Review Evidencedist/adapters/index.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License