AI Security Review
scanned 17h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/pty/claude-config.js` atomically writes `~/.claude.json` trust/onboarding flags.
- `dist/pty/host.js` calls `ensureTrusted(opts.cwd)` before spawning Claude.
- `dist/skills/inject.js` mirrors Loom skills into `<cwd>/.claude/skills`.
- `bin/service.mjs` installs user-login persistence only through explicit `loom service install`.
- `dist/pty/host.js` launches Claude through a PTY for orchestrated agent sessions.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- CLI behavior is user-invoked through `bin/loom.mjs`; no import-time daemon start found.
- CLI HTTP probes target loopback `127.0.0.1`, not a hard-coded remote collector.
- Reviewed config writes do not add external MCP servers or exfiltrate credentials.
- Runtime package-manager use in `dist/git/worktrees.js` provisions user worktrees, not this package's install path.
Source & flagged code
9 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/loom.mjsView on unpkg · L21Package source references dynamic require/import behavior.
bin/loom.mjsView on unpkg · L270Package source executes code through a VM context API.
dist/mcp/repo-read.jsView on unpkg · L62Source writes installer persistence such as shell profile or service configuration.
bin/service.mjsView on unpkg · L10Package source invokes a package manager install command at runtime.
dist/git/worktrees.jsView on unpkg · L92Package ships non-JavaScript build or shell helper files.
assets/python/synthesize.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/pty/host.jsView on unpkg