AI Security Review
scanned 4d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- Explicit `prd-install`/`prd-install-skills` commands copy skills into `.agents/skills`, `.opencode/skill`, and `.claude/skills`.
- Installer configures Claude hook assets, including `templates/repo-skeleton/.claude/hooks/prd_stop_guard.py`, which can block agent stopping while a goal remains active.
- Optional `scripts/prd_vectorsmith.py` sends configured evidence queries to a VectorSmith endpoint and reads its API key from an environment variable.
- `package.json` has no `preinstall`, `install`, `postinstall`, or uninstall lifecycle hooks.
- `bin/prd-install.js` and `bin/prd-install-skills.js` execute only when explicitly invoked; both use argument-array `spawnSync` with `shell: false`.
- `index.js` only exports package paths; it has no import-time side effects.
- The MCP server is stdio JSON-RPC and its Python subprocess calls use fixed package script names; no remote payload loading was found.
- No credential harvesting, broad filesystem collection, destructive logic, or unconsented install-time agent-control mutation was found.
Source & flagged code
2 flagged · loading sourcePackage ships non-JavaScript build or shell helper files.
scripts/version_advice.pyView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
templates/repo-skeleton/.claude/hooks/prd_stop_guard.pyView on unpkg