AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `scripts/prd_install.py` explicitly enables `prd-plugin@prd-plugin` in `.claude/settings.json`.
- The explicit installer copies an MCP server and adds `.mcp.json` entry `prd-plugin`.
- Installer defaults include Claude commands/hooks; `prd_stop_guard.py` can block a Claude stop event.
- Package distributes agent-directed `SKILL.md` and configuration artifacts.
- `prd_vectorsmith.py` can send bounded context and an env API key to configured VectorSmith endpoints.
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- `index.js` only exports static package paths; no import-time execution.
- CLI wrappers invoke fixed packaged Python scripts with `shell: false`.
- VectorSmith is optional in the template (`mode: off`) and defaults to localhost.
- No source evidence of credential harvesting, remote payload loading, or destructive commands.
Source & flagged code
2 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.prd_plugin/hooks/prd_stop_guard.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.prd_plugin/hooks/prd_stop_guard.pyView on unpkg