AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/installer.js` runs a Bash installer and can invoke global OpenCode/plugin tooling after `rose-aili install` or `update`.
- `scripts/install_opencode.sh` writes or links package agents, skills, commands, and `AGENTS.md` into the configured OpenCode home.
- `dist/installer.js` can run optional/global third-party installs for DCP, CodeGraph, and OpenSpec.
- `package.json` has only `prepare`; no preinstall/install/postinstall hook mutates user configuration.
- `dist/cli.js` requires explicit `install` or `update`; import/CLI help paths do not install.
- `dist/installer.js` validates OpenCode paths and rejects unknown manifest plugins.
- No credential harvesting, exfiltration endpoint, obfuscated payload, eval, or remote payload execution was found.
- `.agents/skills/minimax-pdf/scripts/fill_inspect.py` is a readable PDF form-inspection helper; its subprocess use installs missing `pypdf`, not a hidden payload.
Source & flagged code
4 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.agents/skills/minimax-pdf/scripts/fill_inspect.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.agents/skills/minimax-pdf/scripts/fill_inspect.pyView on unpkgHardcoded password in .agents/skills/react-native-dev/references/forms.md
.agents/skills/react-native-dev/references/forms.mdView on unpkg · L297Hardcoded password in .agents/skills/react-native-dev/references/testing.md
.agents/skills/react-native-dev/references/testing.mdView on unpkg · L95