AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `cli/lib/commands.mjs` downloads and installs an `engram` release into `~/.local/bin/engram` during explicit `ozali init`.
- `cli/lib/commands.mjs` invokes `engram setup claude-code` or `engram setup opencode` after installation.
- Explicit `init` writes agent configuration, including `.claude/settings.json`, `opencode.json`, and `~/.claude.json` workspace trust.
- The bundled permission profile allows agent command/web-fetch capabilities; downloaded release selection has no checksum/signature verification.
- `package.json` contains no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- `cli/bin/ozali.mjs` runs only when the user invokes the `ozali` executable.
- Agent setup is disclosed and gated by `init` options/prompts; `--dry-run` avoids writes.
- No credential harvesting, obfuscation, hidden payload, import-time execution, or package-owned exfiltration code was found.
Source & flagged code
2 flagged · loading sourceSource writes installer persistence such as shell profile or service configuration.
cli/lib/commands.mjsView on unpkg · L21This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/lib/util.mjsView on unpkg