AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit initialization installs first-party agent prompt files into selected AI-harness directories. User-invoked workflow templates can launch local harness binaries and a local server can launch `self-review` for validated plan files; no unconsented install-time mutation or exfiltration is established.
Decision evidence
public snapshot- `dist/index.js` `init` copies templates after explicit `strikethroo init`.
- `dist/harnesses/agent-adapter.js` writes agent files to selected harness directories.
- `dist/utils.js` targets `.codex/agents`, `.claude/agents`, `.github/agents`, and peers.
- `templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjs` can launch selected local harness CLIs when a skill is run.
- `dist/serve/self-review.js` launches PATH-resolved `self-review` from a local POST endpoint.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `prepare` only invokes `husky`; published files omit a `.husky` directory.
- Init requires an explicit CLI command and selected `--harnesses` values.
- No credential harvesting, HTTP client, remote payload download, or exfiltration was found.
- Server endpoints bind to `localhost`; path validation confines self-review inputs to workspace plans/archive.
- Dispatcher uses argv-based process spawning; bundled `eval`/`Function` occur in vendored parsing code.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/serve/server.jsView on unpkg · L59Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView on unpkg · L288Package source references a known benign dynamic code generation pattern.
templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView on unpkg · L1376Package source references dynamic require/import behavior.
dist/prompts.jsView on unpkg · L13Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist-web/assets/cytoscape.esm-BHYC38rz.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist-web/assets/sql-D0XecflT.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist-web/assets/vbscript-BuJXcnF6.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
templates/harness/skills/st-full-workflow/scripts/route-task-execution.cjsView on unpkg