AI Security Review
scanned 2h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- dist/routes/computerRoutes.js exposes runtime /execute-command API that runs caller-supplied commands in a workspace.
- dist/utils/computer/hookConfigUtils.js can write .codex/hooks.json, .claude/settings.json, .mcp.json, hook scripts, and .opencode plugins from request-supplied config.
- dist/utils/computer/computerUtils.js downloads user-supplied skillUrls and installs extracted skills into agent workspace directories.
- dist/server.js serves broad file/workspace management APIs without visible auth middleware in inspected code.
- package.json has no preinstall/install/postinstall; only prepublishOnly build script, not consumer install-time execution.
- dist/cli.js only starts/stops/status-checks the local service and stores PID data under OS tmpdir.
- dist/utils/buildArg/portUtils.js uses ss/netstat/lsof/ps only for local port and process discovery; no reverse shell endpoint found.
- dist/scheduler/pnpmPruneScheduler.js runs fixed pnpm store prune/path and du commands, configurable by env but not a remote payload fetch.
- No hardcoded exfiltration host, credential harvesting loop, destructive install-time mutation, or reviewer prompt injection found.
Source & flagged code
4 flagged
- Package source references child process execution.
  dist/scheduler/pnpmPruneScheduler.js · L1
- A single source file combines environment access, network access, and code or shell execution; review context before blocking.
  dist/cli.js · L1
- Source matches reverse-shell style process and socket wiring.
  dist/utils/buildArg/portUtils.js · L1
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
  dist/utils/buildArg/portUtils.js · L1