AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/scripts/setup-mcp.js explicitly upserts ragcode MCP entries into Claude/Codex config files when run.
- dist/src/service/service-manager.js can install user-level systemd/launchd/schtasks watcher persistence via ragcode service install.
- dist/scripts/setup-mcp.js can embed API keys into MCP config only with --include-secrets.
- package.json has no preinstall/install/postinstall lifecycle; only prepublishOnly.
- bin dist/src/cli/index.js activates behavior through user-invoked CLI commands.
- Network calls are package-aligned optional OpenAI/Anthropic/Gemini/localhost provider APIs, not hardcoded exfiltration.
- Dynamic require in dist/src/config/package-info.js only reads package.json for version detection.
- No obfuscated remote payload loading, credential harvesting loop, destructive behavior, or install-time AI-agent hijack found.
Source & flagged code
4 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
web/dist/assets/index-ClPwX7rX.jsView on unpkg · L38Package source references dynamic require/import behavior.
dist/src/config/package-info.jsView on unpkg · L3Source writes installer persistence such as shell profile or service configuration.
dist/src/service/service-manager.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/context/context-builder.jsView on unpkg