AI Security Review
scanned 21h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `rea setup`; Hopper installation requires `--yes` when absent.
Impact
Adds a persistent local MCP command registration; no stealth, credential exfiltration, remote payload execution, or destructive behavior was found.
Mechanism
Explicit coding-agent MCP configuration and approved analysis-tool installation.
Rationale
Warn because explicit setup mutates third-party AI-agent configuration, creating persistent MCP registrations. Source inspection does not establish malicious behavior or an unconsented install-time control-surface mutation.
Evidence
package.jsonscripts/rea.mjsdist/cli.jsdist/application/Setup.jsdist/application/Uninstall.jsdist/application/LinuxHopper.jsinstall.shbridge/hopper_bridge.pydist/hopper/BridgeLauncher.jsdist/native/CommandRunner.js
Network endpoints5
www.hopperapp.com/include/files-api.php?request=releases&public=truewww.hopperapp.com:443/downloader/public/raw.githubusercontent.com/Homebrew/install/HEAD/install.shnodejs.org/dist/v${NODE_VERSION}api.github.com/repos/$REPOSITORY/releases/latest
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/application/Setup.js` writes an REA MCP registration into detected Claude, Codex, Cursor, Gemini, Windsurf, and Claude Desktop configs.
- `dist/cli.js` exposes this as the explicit `rea setup` command.
- `dist/application/LinuxHopper.js` can download and install Hopper after user setup approval.
Evidence against
- `package.json` has no preinstall/install/postinstall hook; `prepare` only invokes Husky.
- `scripts/rea.mjs` only dispatches user-invoked CLI/MCP modes.
- `dist/application/Setup.js` uses the package's own `rea`/`npx -y rea-agents mcp` registration and backs up/readbacks configs.
- `dist/application/Uninstall.js` removes only registrations matching REA ownership and package-owned paths.
- Reviewed network use targets Hopper, Homebrew, Node.js, GitHub, or loopback; no credential harvesting or exfiltration found.
- Child-process use is explicit tooling/package installation without shell evaluation in analysis paths.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/application/BinarySession.jsView file
90importEvidenceBundle(bundle) {
L91: return this.#evidence.import(bundle);
L92: }
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/application/BinarySession.jsView on unpkg · L90dist/application/LinuxHopper.jsView file
1import { createHash } from "node:crypto";
L2: import { execFile } from "node:child_process";
L3: import { access, mkdtemp, readFile, rm, writeFile } from "node:fs/promises";
...
L8: const execFileAsync = promisify(execFile);
L9: const RELEASES_URL = "https://www.hopperapp.com/include/files-api.php?request=releases&public=true";
L10: const DOWNLOAD_PREFIX = "https://www.hopperapp.com:443/downloader/public/";
...
L104: ok: response.ok,
L105: bytes: new Uint8Array(await response.arrayBuffer()),
L106: };
...
L114: const linked = await execFileAsync("ldd", [path]);
L115: return linuxSharedLibrariesAvailable(`${linked.stdout}\n${linked.stderr}`);
L116: }
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/application/LinuxHopper.jsView on unpkg · L1bridge/hopper_bridge.pyView file
•path = bridge/hopper_bridge.py
kind = build_helper
sizeBytes = 31181
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
bridge/hopper_bridge.pyView on unpkgFindings
5 Medium6 Low
MediumDynamic Requiredist/application/BinarySession.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbridge/hopper_bridge.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/application/LinuxHopper.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings