AI Security Review
scanned 1d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- package.json declares install hooks and an obfuscated CLI main at .ad/x0.js
- CLI implements bulk email/SMS sending via nodemailer and provider APIs in .ad/x0.js
- CLI can collect contacts/mail recipients through Microsoft Graph, Google People, and IMAP in .ad/x12.js
- web-command creates a Chrome extension with <all_urls> permission and localhost WebSocket injection, but only via nolimit web --setup
- src/web-panel/ws.js injects a sending panel into active webmail pages and automates compose/send DOM actions
- scripts/preinstall.js is an interactive EULA and only writes ~/.nolimit/eula.json on acceptance
- scripts/postinstall.js only creates a Windows nolimit.cmd shim after resolving npm prefix
- No lifecycle hook writes Claude/Codex/Cursor/MCP/agent control surfaces
- No install-time credential harvesting or network exfiltration found
- Dangerous extension setup and sending/contact features are user-invoked CLI flows
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/web-panel/ws.jsView on unpkg · L269Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/postinstall.jsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
scripts/postinstall.jsView on unpkg