AI Security Review
scanned 21h ago · by lpm-firewall-aiUnable to establish source-grounded attack surface without filesystem inspection.
Static reason
One or more suspicious static signals were detected.
Trigger
unknown
Impact
unknown
Mechanism
unknown
Rationale
Package files were not inspected, so a source-grounded verdict cannot be produced.
Decision evidence
public snapshotAI called this Manual Review at 0.0% confidence as Unknown with high false-positive risk.
Evidence for warning
- Inspection could not be performed because filesystem tooling is unavailable in this response path.
Evidence against
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings