AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- Explicit `init`/`update` can configure Playwright MCP via `npx @playwright/mcp@latest`.
- `dist/commands/editors.js` writes project `AGENTS.md`, `CLAUDE.md`, editor commands, and OpenCode settings.
- `update` explicitly installs the package globally/locally and re-executes its CLI.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
- `dist/index.js` exposes mutations only behind explicit CLI subcommands.
- MCP/config changes are scoped to the current project and use OpenSpec marker blocks.
- No credential harvesting, remote payload loading, eval/vm use, or unrelated exfiltration found.
- Network use is version checking and user-project diagnostics, not a hidden endpoint.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/shared/version-check.jsView on unpkg · L12Package source invokes a package manager install command at runtime.
dist/commands/coverage.jsView on unpkg · L278This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/doctor.jsView on unpkg