AI Security Review
scanned 19h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/local/cli.mjs` explicit `start` deploys a Worker and installs autostart.
- `src/local/daemon.mjs` accepts authenticated relay tool calls and exposes file/process operations.
- `src/local/tools.mjs` default `full` policy enables shell execution, unrestricted paths, and full environment.
- `src/local/service.mjs` creates user-level launchd, systemd, or scheduled-task persistence.
- `package.json` has no preinstall/install/postinstall hook; only publish-time checks.
- `src/local/full-access-test.mjs` uses a temporary directory and removes it in `finally`.
- `src/local/cli.mjs` client-config command prints configuration rather than modifying agent configs.
- No hidden downloader, eval/vm execution, credential exfiltration, or fixed third-party endpoint was found.
Source & flagged code
3 flagged · loading sourceSource writes persistence or remote-access backdoor material.
src/local/full-access-test.mjsView on unpkg · L21A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
src/local/full-access-test.mjsView on unpkg · L21