AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/poller.js` claims remote jobs and sends generated results to the paired server.
- `dist/backends/codex.js` and `dist/backends/claude.js` run agent SDKs using the user's authenticated browser sessions.
- `dist/service.js` creates persistent login-start services, but only through `maki-agent install`.
- `dist/mcp/readonly-proxy.js` downloads/starts Playwright MCP through `npx` at runtime.
- `package.json` has no preinstall, install, or postinstall hook; `prepublishOnly` only builds.
- `dist/index.js` requires explicit `pair`, `run`, or `install` commands; importing does not start work.
- `dist/mcp/readonly-proxy.js` code-filters MCP calls to a read/navigation allowlist.
- `dist/backends/claude.js` denies shell, filesystem, web-fetch/search, and browser mutation tools.
- `dist/backends/codex.js` uses an isolated work directory and read-only sandbox.
- No hidden endpoint, credential harvesting, payload execution, or foreign AI-agent config mutation was found.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/service.jsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/service.jsView on unpkg · L12Package source invokes a package manager install command at runtime.
dist/mcp/readonly-proxy.jsView on unpkg · L38