AI Security Review
scanned 1d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- package.json defines preinstall/postinstall hooks and obfuscated executable main/bin .ad/x0.js.
- scripts/preinstall.js prompts for a red-team EULA and writes ~/.nolimit/eula.json only after interactive acceptance.
- scripts/postinstall.js runs only on Windows, calls npm config get prefix, and creates a nolimit.cmd shim to .ad/x0.js.
- .ad/x0.js is a heavily obfuscated CLI using nodemailer, SMTP/SMS flows, auth/license checks, DKIM key generation, and DNS lookup.
- src/web-panel/ws.js injects a webmail panel and automates Gmail/Outlook/Yahoo compose/send actions for target lists.
- templates/functions.txt documents scanner-evasion features including obfuscated HTML redirects, .url attachments, SVG xlink links, thread prefixes, and generated service-style sender addresses.
- No install-time remote payload download or credential/env harvesting found in lifecycle scripts.
- No lifecycle writes to Claude/Codex/Cursor/MCP or other AI-agent control surfaces.
- No shell startup, VCS hook, OS autostart, or detached daemon persistence found.
- Network endpoint observed in source is DNS lookup for the user-invoked dkim command, not install-time exfiltration.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/web-panel/ws.jsView on unpkg · L269Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/postinstall.jsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
scripts/postinstall.jsView on unpkg