AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Sensitive operations are CLI features for developer setup, security scanning, plugin management, and opt-in memory sync rather than install-time or import-time behavior.
Decision evidence
public snapshot- dist/memory/install.js can write Claude Code hooks/statusLine to ~/.claude/settings.json when user runs memory install.
- dist/agent-config.js can write managed kit instructions and read-only allow rules to agent config files during setup/agent-config.
- dist/memory/remote-sync.js supports opt-in encrypted memory sync to user-configured git/command transport from ~/.kit/sync.toml.
- package.json has no consumer install/postinstall hooks; only prepublishOnly build hook.
- dist/plugin-loader.js validates npm plugin names and restricts dynamic imports to project node_modules.
- dist/plugins.js installs plugins only through explicit installPlugin runtime action using npm argv, not lifecycle execution.
- dist/memory/remote-sync.js documents opt-in local config, encrypts memory blobs, blocks project-origin sync, and strips KIT secrets for command transport.
- dist/agent-config.js says install-gate and permissions are opt-in/idempotent and does not set bypass/deny rules.
- No hardcoded exfiltration endpoint or automatic credential/env harvesting path was found in inspected hot files.
Source & flagged code
9 flagged · loading sourcePackage source references child process execution.
dist/post-pull-audit.jsView on unpkg · L24Package source references a known benign dynamic code generation pattern.
dist/triage-sandbox.jsView on unpkg · L75Package source references dynamic require/import behavior.
dist/plugin-loader.jsView on unpkg · L75Package source references weak cryptographic algorithms.
dist/elevation.jsView on unpkg · L29Source writes installer persistence such as shell profile or service configuration.
dist/cli.jsView on unpkg · L18Package source invokes a package manager install command at runtime.
dist/plugins.jsView on unpkg · L223Package ships non-JavaScript build or shell helper files.
skills/triage/scripts/triage.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/check-security.jsView on unpkg