AI Security Review
scanned 1d ago · by lpm-firewall-ai

The review flagged AI-agent configuration or capability changes. The finding remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall hooks, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- src/agent/prompt.js grants broad LOCAL_CMD, file write/delete, RUN_SCRIPT, SSH, web, browser, and MCP tools to the agent.
- src/safety/check.js auto-approves coding-mode write tools and command writes; src/index.js exposes run --no-confirm.
- src/agent/react-loop.js sends conversation history, cwd/meta, skills and MCP tool descriptions to the configured server /stream.
- src/commands/mcp.js and src/tools/mcp-client.js let users register stdio/http MCP servers and execute their tools.
- src/services/ssh.js and src/tools/ssh.js support SSH credential use and remote command execution.
- package.json has no npm lifecycle hooks, so install does not execute package code.
- No writes to foreign AI-agent control surfaces such as CLAUDE.md, .mcp.json, Codex, Cursor, or Claude settings were found.
- Network traffic is consistent with the package's own CLI/server operation, namely user login and configuration.
- SSH private-key pattern in src/services/ssh.js is validation logic, not an embedded secret.
- Dangerous primitives are exposed through an explicitly user-invoked AI/sysadmin CLI rather than import-time execution.
- Local sessions/todos/skills are under the package-owned ~/.osai-agent namespace.
Source & flagged code
7 flagged
- Package contains a critical-looking secret pattern: src/services/ssh.js, line 19.
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review: src/agent/react-loop.js.
- Hardcoded password in src/ui/components/ConfirmationDialog.js, line 41.
- Hardcoded password in src/agent/loop/tool-executor.js, line 243.