AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/util/claude-config.js writes Claude Desktop mcpServers only via explicit connect-claude command
- dist/util/claude-config.js invokes claude mcp remove/add for Claude Code user scope
- dist/cli/init.js can persist Enable Banking private key to ~/.saldo/config.json on explicit init
- dist/broker-client.js sends device credentials to configured broker and stores broker-device.json
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly build
- dist/cli/index.js connect-claude/disconnect-claude are explicit CLI commands, not install/import-time actions
- MCP tools in dist/mcp/server.js are read-only finance queries; no money movement or shell execution
- Network endpoints are package-aligned: api.enablebanking.com, saldo-broker.up.railway.app, localhost callback
- dist/providers/enablebanking/client.js uses bearer tokens for Enable Banking API calls, not broad exfiltration
- .env.example contains placeholder PEM text, not a real secret
Source & flagged code
4 flagged · loading sourcePackage source references weak cryptographic algorithms.
dist/providers/enablebanking/mappers.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/util/claude-config.jsView on unpkg