AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/local/cli.mjs` exposes user-invoked full-profile shell, filesystem, SSH, managed-job, and autostart commands.
- `src/local/shell.mjs` runs child processes and can inherit the full parent environment when full mode is selected.
- `src/local/service.mjs` installs per-user launchd, systemd-user, or Windows logon autostart entries on explicit service commands.
- `src/local/relay-connection.mjs` maintains an authenticated HTTPS WebSocket relay using a daemon secret.
- `src/local/full-access-test.mjs` writes SSH authorized_keys only inside a temporary test directory.
- `package.json` has no preinstall, install, or postinstall lifecycle hook; only prepublishOnly.
- `bin/machine-mcp.mjs` only invokes the CLI after an explicit bin command.
- `src/local/cli.mjs` client-config prints MCP configuration rather than modifying Claude, Cursor, or Codex files.
- `src/local/full-access-test.mjs` creates and removes an isolated temporary sandbox.
- No source evidence of credential harvesting, unconsented exfiltration, remote payload download, or foreign AI-agent config mutation.
Source & flagged code
4 flagged · loading sourceSource writes persistence or remote-access backdoor material.
src/local/full-access-test.mjsView on unpkg · L21A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
src/local/full-access-test.mjsView on unpkg · L21This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/local/runtime.mjsView on unpkg