AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `norma-design-lint init`.
Impact
Can alter AI-agent guidance and CI configuration in the current project after user invocation.
Mechanism
Explicit project scaffolding writes agent instructions and workflow files.
Rationale
No concrete malicious chain was found, but explicit creation of a root AI-agent control file warrants a non-blocking warning under the stated policy.
Evidence
package.jsondist/cli.jsdist/init.jsdist/mcp.js.normarc.json.github/workflows/design-lint.ymlAGENTS.mddist/agents/AGENTS.md
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/cli.js` exposes explicit `init` command.
- `dist/init.js` writes `AGENTS.md` into caller cwd.
- `dist/init.js` writes `.github/workflows/design-lint.yml`.
- Bundled `dist/agents/AGENTS.md` is copied by init.
Evidence against
- `package.json` has no preinstall/install/postinstall hooks.
- Writes require explicit `norma-design-lint init` invocation.
- MCP server in `dist/mcp.js` is stdio-only.
- No network client, shell execution, eval, or credential harvesting found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/checks/helpers.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = norma-design-lint@1.23.1
matchedIdentity = npm:bm9ybWEtZGVzaWduLWxpbnQ:1.23.1
similarity = 0.944
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/checks/helpers.jsView on unpkgFindings
1 High1 Medium4 Low
HighPrevious Version Dangerous Deltadist/checks/helpers.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings