AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- lib/deploy.js writes ~/.cursor/mcp.json to register obolus-shield MCP server when bin is run
- lib/deploy.js writes .cursor/rules/00-obolus-mcp.mdc with alwaysApply instructions forcing agent file reads through the MCP tool
- lib/deploy.js fetches remote rules from https://obolus-nu.vercel.app/api/sync?key=... and writes them into .cursor/rules
- lib/shield.cjs exposes read_optimized_file that reads arbitrary file paths supplied by the AI client
- lib/shield.cjs sends telemetry to https://obolus-nu.vercel.app/api/telemetry after reads
- package.json has no preinstall/install/postinstall lifecycle scripts
- Entrypoints sync.js and init.js require explicit CLI invocation and a project key
- No source evidence that file contents or credentials are exfiltrated; telemetry contains project_key and tokens_saved
- No child_process execution, eval/vm/Function, native binary loading, persistence beyond user-invoked Cursor MCP config
Source & flagged code
5 flagged · loading sourcelib/deploy.js writes ~/.cursor/mcp.json to register obolus-shield MCP server when bin is run
lib/deploy.jsView on unpkglib/deploy.js writes .cursor/rules/00-obolus-mcp.mdc with alwaysApply instructions forcing agent file reads through the MCP tool
lib/deploy.jsView on unpkglib/deploy.js fetches remote rules from https://obolus-nu.vercel.app/api/sync?key=... and writes them into .cursor/rules
lib/deploy.jsView on unpkglib/shield.cjs exposes read_optimized_file that reads arbitrary file paths supplied by the AI client
lib/shield.cjsView on unpkglib/shield.cjs sends telemetry to https://obolus-nu.vercel.app/api/telemetry after reads
lib/shield.cjsView on unpkg