AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `extensions/toolset/ssh.ts` registers AI-callable SSH connect/run tools that forward arbitrary commands.
- `internal-python-gui/main.py` executes queued commands over Paramiko SSH and returns terminal output.
- `extensions/toolset/install.ts` can download and execute `uv.exe` without checksum verification after explicit confirmation.
- A 62 MB native executable is shipped at `internal-python-gui/bin/uv.exe`.
- `package.json` has no npm lifecycle scripts.
- Install actions are exposed through the explicit `/aftc-install` command and UI confirmation.
- SSH HTTP traffic is restricted to local `127.0.0.85:8564`; no source exfiltration endpoint was found.
- SQLite storage is limited to local usage metrics under `.pi-aftc-toolset/data/`.
Source & flagged code
4 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
tests/full-check/full-check.mjsView on unpkg · L175Package source references dynamic require/import behavior.
tests/load-test/load-test.cjsView on unpkg · L6Package ships native binary artifacts.
internal-python-gui/bin/uv.exeView on unpkgPackage ships non-JavaScript build or shell helper files.
internal-python-gui/main.pyView on unpkg