AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/installer.js` runs a Bash installer only through explicit `rose-aili install|update`.
- `scripts/install_opencode.sh` creates links/copies under `OPENCODE_HOME` and `$HOME/.agents/skills`.
- `dist/installer.js` can invoke global CodeGraph/OpenSpec installs only after explicit opt-in flags.
- `package.json` has no preinstall/install/postinstall hook; its only lifecycle hook is `prepare`.
- `dist/cli.js` executes only when invoked as the CLI main module.
- `dist/config.js` limits config writes to the chosen OpenCode config and rejects symlink targets.
- No package code performs credential harvesting, network exfiltration, eval, dynamic loading, or remote payload download.
- `.agents/skills/minimax-pdf/scripts/fill_inspect.py` is readable PDF-form inspection code, not a hidden payload.
Source & flagged code
5 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.agents/skills/minimax-pdf/scripts/fill_inspect.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.agents/skills/minimax-pdf/scripts/fill_inspect.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/installer.jsView on unpkgHardcoded password in .agents/skills/react-native-dev/references/forms.md
.agents/skills/react-native-dev/references/forms.mdView on unpkg · L297Hardcoded password in .agents/skills/react-native-dev/references/testing.md
.agents/skills/react-native-dev/references/testing.mdView on unpkg · L95