AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `mewkit migrate codex` (including optional `--global`/`--yes`).
Impact
Changes an AI-agent control surface and can propagate project-selected hook execution.
Mechanism
Explicit agent-config migration and hook-wrapper installation.
Rationale
No concrete install-time or stealthy malicious behavior was found. Its explicit agent-control-surface mutation and hook execution capability merit a warning under the firewall policy.
Evidence
package.jsondist/commands/migrate.jsdist/migrate/hooks/codex-hook-wrapper.jsdist/migrate/hooks/codex-shell-env-installer.jsdist/core/github-releases.jsdist/memory/validate.js.codex/config.toml.codex/hooks.claude/hooks/lib/validate-content.cjs
Network endpoints1
api.github.com/repos/ngocsangyem/MeowKit/releases
Decision evidence
public snapshotAI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `mewkit migrate` explicitly invokes migration orchestration.
- Migration writes `.codex/config.toml` and hook wrappers.
- Generated Codex wrappers can spawn copied project hook scripts.
- `upgrade` fetches GitHub releases and downloads ZIP assets.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- CLI dispatch requires an explicit user command for migrate/upgrade.
- No source evidence of credential harvesting or secret exfiltration.
- Dynamic validator load targets a project-owned `.claude` validator during memory operations.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
2 flagged · loading sourcedist/memory/validate.jsView file
4import { CURATED_STORES } from "./schemas.js";
L5: const require = createRequire(import.meta.url);
L6: // Load the real validate-content.cjs (DRY — never reimplement the injection
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/memory/validate.jsView on unpkg · L4dist/orchviz-web/fira-code-greek-500-normal.woff2View file
•path = dist/orchviz-web/fira-code-greek-500-normal.woff2
kind = high_entropy_blob
sizeBytes = 7816
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
dist/orchviz-web/fira-code-greek-500-normal.woff2View on unpkgFindings
1 High4 Medium6 Low
HighShips High Entropy Blobdist/orchviz-web/fira-code-greek-500-normal.woff2
MediumDynamic Requiredist/memory/validate.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings