AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/agent/executor.js` exposes agent-directed project reads, writes, edits, and shell execution.
- `dist/agent/executor.js` runs approved commands through `sh -c`; model tool calls can trigger it.
- `dist/client/minimax-client.js` and `dist/client/coding-plan-client.js` send requested AI work to `https://api.minimax.io`.
- `dist/cli.js` `--init` explicitly creates `~/.claude/minimax-usage.jsonl`; it does not copy or overwrite `CLAUDE.md`.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `dist/mcp-server.js` starts MCP only when invoked; CLI is selected only with arguments.
- `dist/agent/safety.js` rejects chaining, privileged commands, inline Node evaluation, download-to-shell patterns, and destructive shell patterns.
- `dist/utils/path-safety.js` confines agent file operations to the supplied working directory.
- No hidden endpoint, credential harvesting, remote payload loading, or stealth persistence was found.
Source & flagged code
4 flagged · loading source`dist/agent/executor.js` exposes agent-directed project reads, writes, edits, and shell execution.
dist/agent/executor.jsView on unpkg`dist/agent/executor.js` runs approved commands through `sh -c`; model tool calls can trigger it.
dist/agent/executor.jsView on unpkg`dist/client/minimax-client.js` and `dist/client/coding-plan-client.js` send requested AI work to `https://api.minimax.io`.
dist/client/minimax-client.jsView on unpkg`dist/cli.js` `--init` explicitly creates `~/.claude/minimax-usage.jsonl`; it does not copy or overwrite `CLAUDE.md`.
dist/cli.jsView on unpkg