AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `scripts/postinstall.mjs` runs at npm postinstall and can invoke node-pre-gyp or `npm rebuild` for better-sqlite3.
- `app/src/app/api/cli-tools/codex-settings/route.ts` writes Codex `config.toml` and `auth.json` after a POST.
- `app/src/app/api/cli-tools/claude-settings/route.ts` creates and writes Claude CLI settings after a POST.
- `app/src/app/api/cli-tools/openclaw-settings/route.ts` writes OpenClaw settings after a POST.
- `app/src/shared/services/cliRuntime.ts` permits CLI config writes by default unless `CLI_ALLOW_CONFIG_WRITES=false`.
- No install hook writes AI-agent configuration; postinstall is limited to bundled native-module compatibility.
- Agent-config mutations are runtime POST actions, validate request bodies, and create backups first.
- CLI launch reads local `.env` files and starts the packaged local server; no exfiltration endpoint was found in reviewed entrypoints.
- Reviewed lifecycle, CLI, and server-wrapper sources contain no credential upload, remote payload execution, destructive wipe, or stealth persistence.
Source & flagged code
31 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
app/.next/server/chunks/_d1e03206._.jsView on unpkg · L44RSA private key in app/.next/server/chunks/_d1e03206._.js
app/.next/server/chunks/_d1e03206._.jsView on unpkg · L44Package source invokes a package manager install command at runtime.
app/dbsetup.jsView on unpkg · L6Package source references dynamic require/import behavior.
app/bin/routiform.mjsView on unpkg · L109Package source references weak cryptographic algorithms.
app/open-sse/services/qoderCli.tsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
app/scripts/run-ecosystem-tests.mjsView on unpkg · L2Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
app/scripts/postinstall.mjsView on unpkg · L14Source reaches cloud instance metadata or link-local credential endpoints.
app/src/lib/network/safeOutboundFetch.tsView on unpkg · L1Package ships WebAssembly modules.
app/open-webui/static/sql.js/sql-wasm.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
app/open-webui/scripts/generate-sbom.shView on unpkgPackage ships high-entropy non-source blobs.
app/open-webui/static/audio/greeting.mp3View on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
app/tests/security/test-cloud-sync-and-call.shView on unpkgPackage contains source files above the static scanner size ceiling.
app/.next/server/chunks/ssr/_64b9964f._.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
app/server.jsView on unpkgHardcoded password in app/tests/unit/login-bootstrap-route.test.mjs
app/tests/unit/login-bootstrap-route.test.mjsView on unpkg · L77Hardcoded password in app/tests/unit/login-bootstrap-route.test.mjs
app/tests/unit/login-bootstrap-route.test.mjsView on unpkg · L140Hardcoded password in app/tests/unit/login-bootstrap-route.test.mjs
app/tests/unit/login-bootstrap-route.test.mjsView on unpkg · L167Hardcoded password in app/tests/unit/api-auth.test.mjs
app/tests/unit/api-auth.test.mjsView on unpkg · L152RSA private key in app/tests/unit/mitm-core.test.mjs
app/tests/unit/mitm-core.test.mjsView on unpkg · L108Hardcoded password in app/tests/unit/require-management-auth.test.mjs
app/tests/unit/require-management-auth.test.mjsView on unpkg · L34RSA private key in app/tests/unit/provider-validation-branches.test.mjs
app/tests/unit/provider-validation-branches.test.mjsView on unpkg · L433Hardcoded password in app/tests/unit/mcp-management-routes-auth.test.mjs
app/tests/unit/mcp-management-routes-auth.test.mjsView on unpkg · L44RSA private key in app/.next/server/chunks/_5664c74a._.js
app/.next/server/chunks/_5664c74a._.jsView on unpkg · L44RSA private key in app/.next/server/chunks/_593a35c0._.js
app/.next/server/chunks/_593a35c0._.jsView on unpkg · L201RSA private key in app/.next/server/chunks/_ba688be4._.js
app/.next/server/chunks/_ba688be4._.jsView on unpkg · L199Hardcoded password in app/.next/server/chunks/[root-of-the-server]__589a4c58._.js
app/.next/server/chunks/[root-of-the-server]__589a4c58._.jsView on unpkg · L3Hardcoded password in app/src/mitm/manager.ts
app/src/mitm/manager.tsView on unpkg · L326