AI Security Review
scanned 9h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `.claude-plugin/scripts/install.sh` explicitly writes `~/.claude/settings.json` and copies commands/agents into `~/.claude`.
- That installer configures `npx swarmdo@latest mcp start`, permitting later remote package resolution.
- `.claude/settings.json` registers automatic Claude hooks and broad Bash/MCP permissions when used as project config.
- `v3/@swarmdo/cli/package.json` declares a postinstall script.
- `v3/@swarmdo/cli/scripts/postinstall.cjs` mutates reachable installed `agentdb` package directories and exports.
- Root `package.json` has no preinstall/install/postinstall lifecycle hook.
- Global Claude configuration changes occur only after an interactive installer selection and confirmation.
- The postinstall source performs local compatibility copies/exports changes only; no network, credential harvesting, or payload execution is present.
- `.claude/statusline-command.sh` only reads stdin, Git branch data, and project `.swarmdo` metrics.
- No source-confirmed secret exfiltration, destructive behavior, or stealth persistence was found.
Source & flagged code
29 flagged · loading sourcePackage contains a critical-looking secret pattern.
v3/@swarmdo/guidance/dist/manifest-validator.jsView on unpkg · L702RSA private key in v3/@swarmdo/guidance/dist/manifest-validator.js
v3/@swarmdo/guidance/dist/manifest-validator.jsView on unpkg · L702Package source references child process execution.
v3/@swarmdo/swarm/dist/coordination/agent-registry.jsView on unpkg · L51Package source references shell execution.
v3/@swarmdo/security/dist/safe-executor.jsView on unpkg · L85Hardcoded password in v3/@swarmdo/guidance/dist/analyzer.js
v3/@swarmdo/guidance/dist/analyzer.jsView on unpkg · L1344Hardcoded password in v3/@swarmdo/guidance/dist/analyzer.js
v3/@swarmdo/guidance/dist/analyzer.jsView on unpkg · L2127Package source references a known benign dynamic code generation pattern.
v3/@swarmdo/guidance/dist/analyzer.jsView on unpkg · L2103Package source references dynamic require/import behavior.
bin/cli.jsView on unpkg · L10Source writes installer persistence such as shell profile or service configuration.
v3/@swarmdo/cli/dist/src/init/statusline-generator.jsView on unpkg · L18A single source file combines environment access, network access, and code or shell execution; review context before blocking.
v3/@swarmdo/cli/dist/src/benchmarks/gaia-tools/grounded_query.js#virtual:normalized:round1View on unpkg · L49Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
v3/vendor/swarmvector/bin/cli.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
v3/@swarmdo/codex/dist/initializer.jsView on unpkg · L300Package ships native binary artifacts.
v3/@swarmvector/attention/platforms/darwin-arm64/swarmvector-attention.nodeView on unpkgPackage ships WebAssembly modules.
v3/@swarmvector/swarmllm-wasm/swarmllm_wasm_bg.wasmView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.claude/statusline-command.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.claude/statusline-command.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
v3/@swarmdo/cli/dist/src/changelog/changelog.jsView on unpkgHardcoded password in .claude/agents/core/reviewer.md
.claude/agents/core/reviewer.mdView on unpkg · L67Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L41Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L69Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L245Hardcoded password in v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.js
v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.jsView on unpkg · L809Hardcoded password in v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.js
v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.jsView on unpkg · L1662Hardcoded password in v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.d.ts
v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.d.tsView on unpkg · L58Hardcoded password in v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.d.ts
v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.d.tsView on unpkg · L194Hardcoded password in v3/@swarmdo/aidefence/README.md
v3/@swarmdo/aidefence/README.mdView on unpkg · L337Hardcoded password in v3/@swarmdo/cli/.claude/agents/sparc/refinement.md
v3/@swarmdo/cli/.claude/agents/sparc/refinement.mdView on unpkg · L339Hardcoded password in v3/@swarmdo/cli/.claude/agents/sparc/refinement.md
v3/@swarmdo/cli/.claude/agents/sparc/refinement.mdView on unpkg · L367Hardcoded password in v3/@swarmdo/cli/.claude/agents/sparc/refinement.md
v3/@swarmdo/cli/.claude/agents/sparc/refinement.mdView on unpkg · L543