AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `tide install` explicitly writes `$CODEX_HOME/hooks.json` and a hook command.
- `aim setup` explicitly adds a `PreToolUse` hook under the chosen Codex home.
- Tide's installer replaces the hooks configuration after optionally saving `.tide-bak`.
- The installed AIM hook defaults to `npx -y rippletide-package@latest aim`, enabling later remote package resolution during tool calls.
- `package.json` has only `prepublishOnly`; no preinstall/install/postinstall hook.
- `bin/rippletide.js` dispatches only after an explicit CLI subcommand.
- Network calls target declared OpenAI-compatible APIs, local services, or user-supplied evaluator URLs.
- No executable/binary payloads, `eval`, `Function`, or VM execution were found.
- No credential harvesting or unrelated exfiltration path was found in reviewed source.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
reviewer/codex/rippletide-reviewer/scripts/rippletide-codex.mjsView on unpkg · L23Package source references weak cryptographic algorithms.
surface/src/util.jsView on unpkg · L127Package ships non-JavaScript build or shell helper files.
harness/sdk/python/rippletide.pyView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
tide/sdk-python/tests/test_runtime.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
evaluator/src/cli.jsView on unpkg