AI Security Review
scanned 2d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/pty/claude-config.js` writes trust flags to `~/.claude.json` before spawned sessions.
- `dist/skills/inject.js` copies Loom skills into project `.claude/skills` and updates `.git/info/exclude`.
- `dist/orchestration/usage-status.js` reads `~/.claude/.credentials.json` and sends its OAuth token to Anthropic's usage endpoint.
- `dist/git/worktrees.js` runs detected package-manager installs/builds inside Loom-created user worktrees.
- `bin/service.mjs` creates per-user autostart artifacts only via explicit `loom service install`.
- `package.json` contains no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `bin/loom.mjs` only contacts the local daemon at `127.0.0.1` for management.
- Credential use is package-aligned usage polling to `https://api.anthropic.com/api/oauth/usage`, not a third-party endpoint.
- No eval, remote-payload download/execution, or hidden install-time mutation was confirmed.
Source & flagged code
9 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/loom.mjsView on unpkg · L21Package source references dynamic require/import behavior.
bin/loom.mjsView on unpkg · L270Package source executes code through a VM context API.
dist/mcp/repo-read.jsView on unpkg · L62Source writes installer persistence such as shell profile or service configuration.
bin/service.mjsView on unpkg · L10Package source invokes a package manager install command at runtime.
dist/git/worktrees.jsView on unpkg · L92Package ships non-JavaScript build or shell helper files.
assets/python/synthesize.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/pty/host.jsView on unpkg