AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/application/install-cursor-skills.js copies bundled cursor-skills into ~/.cursor/skills or project .cursor/skills when MCP tool is invoked
- dist/application/install-cursor-agents.js copies bundled cursor-agents markdown into ~/.cursor/agents or project .cursor/agents when MCP tool is invoked
- dist/application/share-cursor-github.js and share-cursor-bitbucket.js can open PRs with local cursor agent/skill files using host GitHub/Bitbucket credentials
- dist/server.js writes mcp-debug.log during HTTP server runtime
- package.json has no preinstall/install/postinstall; prepare only runs husky and build
- Cursor writes are exposed as explicit MCP tools, not automatic install-time mutation
- GitHub/Bitbucket tokens are read from server env and used for configured repo PR creation, not sent to arbitrary endpoints
- Runrun.it and Discord network calls are package-aligned tool behavior
- Sentry path redacts token/password/secret/api key fields before telemetry
- No child_process execution or remote payload download found in runtime source
Source & flagged code
4 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L1225A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L1225Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L2941Package source references dynamic require/import behavior.
dist/server.jsView on unpkg · L9