AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/run-CUcRdKFK.js defines a direct LLM backend that sends prompts/tools to api.anthropic.com, api.openai.com, or generativelanguage.googleapis.com.
- dist/run-CUcRdKFK.js exposes read_file/write_file/shell/grep/glob/edit/apply_patch tools to the configured remote model when direct backend is enabled.
- dist/cli/index.js `substrate init` writes AGENTS.md, CLAUDE.md, GEMINI.md, .claude/settings.json, .codex prompts/skills; optional --install-user-scope writes ~/.codex substrate-* content.
- dist/cli/templates/claude-md-substrate-section.md tells Claude to run substrate without exploring source, an agent steering surface mutation.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Agent/control-surface writes are under explicit `substrate init`, not npm install/import time.
- Codex user-scope writes are namespaced substrate-* and require --install-user-scope; stale pruning is prefix-limited.
- Network endpoints are major LLM provider APIs or npm registry update checks, aligned with an AI orchestration CLI.
- No evidence of credential harvesting beyond reading configured provider API keys from env for intended API calls.
- Upgrade `npm install substrate@version` is an explicit upgrade command with prompt/--yes, not hidden runtime install.
Source & flagged code
9 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/run-CUcRdKFK.jsView on unpkgPackage source references child process execution.
dist/run-CUcRdKFK.jsView on unpkg · L16Source exposes local file and command tools to a remote model endpoint.
dist/run-CUcRdKFK.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/run-CUcRdKFK.jsView on unpkg · L15901Package source references a known benign dynamic code generation pattern.
dist/run-CUcRdKFK.jsView on unpkg · L31950Package source references dynamic require/import behavior.
dist/cli/index.jsView on unpkg · L1501Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/dist-DiNK6QOD.jsView on unpkg · L3Package ships non-JavaScript build or shell helper files.
dist/cli/templates/statusline.shView on unpkg