AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/app/api/cli-tools/cowork-settings/route.js writes Claude/Cowork config and disables signature/approval/egress restrictions on POST
- src/app/api/cli-tools/codex-settings/route.js writes ~/.codex/config.toml and auth.json to route Codex through 9Router on POST
- src/app/api/oauth/cursor/auto-import/route.js and kiro/auto-import read local IDE/AWS token stores when requested
- src/lib/agent/tools.js exposes admin-only full-mode file write and shell command tools
- installer/bootstrap.mjs stages app to /opt/mop-agent or LOCALAPPDATA and runs npm install plus installer menu when bin is invoked
- package.json has no preinstall/install/postinstall lifecycle scripts; installer is only bin-invoked via mop-agent/npx
- installer/bootstrap.mjs refuses broad unsafe Linux destinations and does not copy .env secrets
- src/dashboardGuard.js marks spawn/host-secret routes local-only and requires CLI token or authenticated local session
- auto-import endpoints are listed in ALWAYS_PROTECTED and LOCAL_ONLY_PATHS, not public unauthenticated routes
- network references are aligned with declared assistant/router features and provider validation, not hardcoded exfiltration endpoints
- No obfuscated payload, native binary, import-time execution, or credential exfiltration path found in inspected files
Source & flagged code
11 flagged · loading sourcePackage contains a possible secret pattern.
src/app/api/profile/password/route.jsView on unpkg · L43Package source references child process execution.
bin/mop-detect-run.mjsView on unpkg · L13Package source references a known benign dynamic code generation pattern.
scripts/injectDisplayToRegistry.mjsView on unpkg · L22Package source references weak cryptographic algorithms.
open-sse/shared/qoder/cosy.jsView on unpkg · L43This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
installer/mop-agent.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
installer/mop-agent.mjsView on unpkg · L14A single source file combines environment access, network access, and code or shell execution; review context before blocking.
cli/cli.jsView on unpkg · L737Package source invokes a package manager install command at runtime.
src/lib/updater/updater.jsView on unpkg · L1Package declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkg