AI Security Review
scanned 19h ago · by lpm-firewall-ai
This review flagged AI-agent configuration or capability changes. The finding remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall scripts, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- src/agent/react-loop.js sends prompts, conversation history, cwd, and metadata to the configured server's /stream endpoint and receives tool calls in return.
- src/tools/local.js exposes LOCAL_CMD, file write/edit/delete, fetch/search, and script execution tools for agent use.
- src/services/ssh.js accepts user/device SSH credentials and executes SSH commands on selected hosts.
- src/commands/mcp.js and src/tools/mcp-client.js let users register stdio/http MCP servers and call their tools.
- src/skills/loader.js can create/load first-party skills under ~/.osai-agent/skills or ./.osai-agent/skills.
- package.json has no npm lifecycle hooks, install scripts, or postinstall execution.
- Entrypoint src/index.js is a user-invoked CLI dispatcher, not import-time malware.
- No evidence of writes to foreign AI-agent surfaces such as CLAUDE.md, Codex/Cursor settings, or .mcp.json.
- SSH private key pattern in src/services/ssh.js is validation of user-supplied credentials, not an embedded secret.
- Local command execution filters environment variables and applies safety/confirmation checks in src/safety/check.js and tool-executor.js.
- Network endpoints are package-aligned AI/provider/auth/search endpoints, with no hidden exfiltration path found.
Source & flagged code
7 flagged
- Package contains a critical-looking secret pattern. (src/services/ssh.js, line 19)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (src/agent/react-loop.js)
- Hardcoded password in src/ui/components/ConfirmationDialog.js (line 41)
- Hardcoded password in src/agent/loop/tool-executor.js (line 243)