AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/plugin-F3YZSTVP.js explicit `osm plugin install` can spawn `claude` or `codex` to add plugin marketplaces/install plugins.
- dist/add-SLI6RQWN.js explicit `osm add` spawns bundled `skills` installer for agent skill installation.
- dist/router-OL6DZN5S.js explicit router install fetches SKILL.md and writes `.skills/openskill-router.md`.
- dist/chunk-VRPJTK2B.js sends opt-out telemetry/install events to the OpenSkill API.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build hook.
- dist/index.js only wires commander CLI commands; dangerous actions require explicit CLI subcommands.
- Scanner remote execute hint maps to bundled Zod `Function`/JIT code, not a fetched payload.
- Network endpoints are package-aligned registry/API calls under openskill.md or OPENSKILL_API_URL override.
- No credential harvesting, destructive behavior, persistence, or stealth import-time execution found.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/plugin-F3YZSTVP.jsView on unpkg · L2Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/chunk-VRPJTK2B.jsView on unpkg · L2A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/chunk-VRPJTK2B.jsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/chunk-VRPJTK2B.jsView on unpkg · L2Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L2