AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` copies module skills into a target project and updates `AGENTS.md` during explicit `add`.
- `dist/index.js` runs `pnpm install` only after explicit `init`/`add` commands.
- `registry/modules/ai-chat/files/server/lib/ai/tools.ts` installs a model-callable HTTPS fetch capability in generated projects.
- The HTTPS fetch guard blocks common private IPv4 names but does not establish a comprehensive SSRF boundary.
- `package.json` contains no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `dist/index.js` is a user-invoked CLI; import/load does not start network activity or mutate files.
- No CLI source network endpoint, credential harvesting, encoded payload, dynamic evaluation, or remote code loading was found.
- `registry/modules/auth/files/server/routes/auth.ts` uses credentials for configured Google authentication and user-directed transactional email flows.
Source & flagged code
4 flagged · loading sourcePackage source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L6753Package source references weak cryptographic algorithms.
registry/modules/billing-flitt/files/server/lib/billing/flitt.tsView on unpkg · L8Source appears to send environment or credential material to an external endpoint.
registry/modules/auth/files/server/routes/auth.tsView on unpkg · L32